Implement feature to flatten group members (closes #128)

plugins/module_utils/_ADObject.psm1

@@ -543,6 +543,9 @@ Function ConvertTo-AnsibleADDistinguishedName {
         [string]
         $Server,
 
+        [Switch]
+        $NestedGroupFlatten,
+
         [PSCredential]
         $Credential,
 
@@ -611,10 +614,17 @@ Function ConvertTo-AnsibleADDistinguishedName {
                 continue
             }
 
-            $adDN = Get-AnsibleADObject @getParams |
-                Select-Object -ExpandProperty DistinguishedName
-            if ($adDN) {
-                $results.Add($adDN)
+            $object = Get-AnsibleADObject @getParams
+            if ($object) {
+                if ($NestedGroupFlatten -and $object.ObjectClass -eq "group") {
+                    $dns = Get-ADGroupMember @getParams -Recursive | Select-Object -ExpandProperty DistinguishedName
+                }
+                else {
+                    $dns = $object | Select-Object -ExpandProperty DistinguishedName
+                }
+                foreach ($dn in $dns) {
+                    $results.Add($dn)
+                }
             }
             else {
                 $invalidIdentities.Add($getParams.Identity)
@@ -1043,6 +1053,13 @@ Function Invoke-AnsibleADObject {
         }
     )
 
+    if ($ModuleNoun -eq "ADGroup") {
+        $spec.options['flatten'] = @{
+            type = 'bool'
+            default = $false
+        }
+    }
+
     $module = [Ansible.Basic.AnsibleModule]::Create(@(), $spec)
     $module.Result.distinguished_name = $null
     $module.Result.object_guid = $null
@@ -1364,6 +1381,9 @@ Function Invoke-AnsibleADObject {
                                     Context = "$($propInfo.Name).$($actionKvp.Key)"
                                     FailureAction = $propValue.lookup_failure_action
                                 }
+                                if ($propInfo.Name -eq 'members' -and $module.Params.flatten) {
+                                    $convertParams['NestedGroupFlatten'] = $true
+                                }
                                 $dns = $actionKvp.Value | ConvertTo-AnsibleADDistinguishedName @adParams @convertParams
                                 $compareParams[$actionKvp.Key] = @($dns)
                             }

plugins/modules/group.yml

@@ -82,6 +82,12 @@ DOCUMENTATION:
             - Set this to an empty list to remove all members from a group.
           type: list
           elements: raw
+    flatten:
+      description:
+        - Flattens nested groups.
+      type: bool
+      default: false
+      version_added: 1.7.0
     sam_account_name:
       description:
         - The C(sAMAccountName) value to set for the group.

tests/integration/targets/group/tasks/tests.yml

@@ -363,6 +363,43 @@
       that:
       - not unset_member_again is changed
 
+  - name: create sub group and set members
+    group:
+      name: MySubGroup
+      scope: global
+      members:
+        set:
+          - my_user_1
+          - my_user_2
+    register: sub_group
+
+  - name: set members with sub group flattening
+    group:
+      name: MyGroup
+      flatten: true
+      members:
+        set:
+          - MySubGroup
+          - my_user_3
+    register: set_member_flattened
+
+  - name: get result of set members with flattening
+    object_info:
+      identity: '{{ object_identity }}'
+      properties:
+      - member
+    register: set_member_flattened_actual
+
+  - name: assert set members with flattening
+    assert:
+      that:
+      - set_member_flattened is changed
+      - set_member_flattened_actual.objects[0].member | length == 3
+      - test_users.results[0].distinguished_name in set_member_flattened_actual.objects[0].member
+      - test_users.results[1].distinguished_name in set_member_flattened_actual.objects[0].member
+      - test_users.results[2].distinguished_name in set_member_flattened_actual.objects[0].member
+      - sub_group.distinguished_name not in set_member_flattened_actual.objects[0].member
+
   - name: remove group - check
     group:
       name: MyGroup