- name: Patch Domain Controllers via JEA
  hosts: domain_controllers
  gather_facts: no
  tasks:
    - name: Get available updates
      win_shell: |
        Invoke-Command -ConfigurationName DCMaintenance -ScriptBlock { Get-WindowsUpdate }

    - name: Install updates
      win_shell: |
        Invoke-Command -ConfigurationName DCMaintenance -ScriptBlock { Install-WindowsUpdate -AcceptAll -AutoReboot }

    - name: Get update history
      win_shell: |
        Invoke-Command -ConfigurationName DCMaintenance -ScriptBlock { Get-WUHistory }

    - name: Restart domain controller
      win_shell: |
        Invoke-Command -ConfigurationName DCMaintenance -ScriptBlock { Restart-Computer -Force }