Ansible – Find local admin group name in Windows by well-known SID

on non-english versions of Windows the local admin group has different spelling.
If you have a task which is use win_group_membership module in Ansible to add users to local admin group you usually have to provide the correct group name.

To make your Ansible playbook universal it is necessary to not hardcode the local admin group name.

The following playbook shows how to get the nano of the local admin group in Windows by using the well-know SID.

- hosts: windows
    win_path_seperator: '\'


    - name: Get local admin group name
      win_shell: |
        $admins = ([System.Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate( [System.Security.Principal.NTAccount]).Value
        write-host $admins
      register: localadmin_result
      changed_when: false

    - name:  debug output local admin group name result
        msg: "{{ localadmin_result.stdout.split(win_path_seperator)[-1] | trim }}"