Re: Scipt to give Administrator role for AD group

RajuVCP · ‎06-22-2017

Hi All,

I have numerous selected of esxi hosts across multiple vCenter. I was looking for a script which can add ad group and provide Administrator role on all the hosts.

Script should pick the hosts names from the text file .

Raju Gunnal VCP 4, VCP 5, VTSP 4, VTSP 5, ITIL V3 http://www.techtosolution.com

theaaronstrong · ‎06-22-2017

Can you link all the vCenters and use PowerCLI to add the users to the Admin group?

LucD · ‎06-22-2017

Are all these ESXi node already joined to AD?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

RajuVCP · ‎06-23-2017

Yes all esxi node are joined to domain, but some how one AD group/service account is out from the esxi.

I need to add that AD service account to many esxi hosts with Administrator role.

Raju Gunnal VCP 4, VCP 5, VTSP 4, VTSP 5, ITIL V3 http://www.techtosolution.com

LucD · ‎06-23-2017

Did you try the method in Re: Add AD group as Administrator on esxi

Note that you need to be connected (Connect-VIServer) to the ESXi node when you execute the Set-VMHostAuthentication

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

ITaaP · ‎06-23-2017

Maybe something like this.

Add host names to the vmhosts.nfs file. Run the following.

Connect-VIServer -Server vcenter01
$hosts = Import-CSV vmhosts.nfs
foreach ($vmhost in $hosts){
 write-host Doing $vmhost.vmHost
    $x = Get-VMHost -Name $vmhost.vmHost | New-VIPermission -Role Admin -Principal domain\group
    write-host $x
     }

https://tactsol.com https://vmware.solutions

RajuVCP · ‎06-24-2017

Hi ITaaP,

I tried with the script you provided, but I got below given error message, I could not able to under what was that error for.

Import-Csv : Cannot bind parameter 'Delimiter'. Cannot convert value "server"

to type "System.Char". Error: "String must be exactly one character long."

At C:\Users\Myself\Desktop\esxi server unknown\ADserviceACadd.ps1:3 char:51

+ $hosts = Import-CSV C:\Users\Myself\Desktop\esxi server unknown\vmho ...

+ ~~~~~~

+ CategoryInfo : InvalidArgument: (:) [Import-Csv], ParameterBind

ingException

+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerSh

ell.Commands.ImportCsvCommand

Not sure if I edited the lines correctly. I added my hosts in .nfs file.

connect-VIServer -Server vcenter01

$hosts = Import-CSV C:\Users\Myself\Desktop\esxi server unknown\vmhosts.nfs

foreach ($vmhost in $hosts){
write-host Doing $vmhost.vmHost
$x = Get-VMHost -Name $vmhost.vmHost | New-VIPermission -Role Admin - Principal XYZ.com\ServiceAccount
write-hosts $x
}

Raju Gunnal VCP 4, VCP 5, VTSP 4, VTSP 5, ITIL V3 http://www.techtosolution.com

ITaaP · ‎06-24-2017

You have spaces in your file path. Add quotes so it is read correctly.

"C:\Users\Myself\Desktop\esxi server unknown\vmhosts.nfs"

https://tactsol.com https://vmware.solutions

RajuVCP · ‎06-25-2017

I removed Space from the folder path, but seems still am missing something.. I ran the script got below given error message.

One more thing am adding AD service account but not the AD-GROUP.

Name                           Port User
----                           ---- ----
vcenter01                   443   xyz.com\Myself
Doing esxi-1.xyz.com
Get-VMHost : A positional parameter cannot be found that accepts argument
'@{VMHost=esxi-1.xyz.com}'.
At C:\Users\Myself\Desktop\esxiuknownserver\ADserviceACadd.ps1:7 char:6
+ $x = Get-VMHost $VMHost -Name $VMhost.VMhost | New-VIPermission -Role ...
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-VMHost], ParameterBind
   ingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,VMware.VimAutomation
   .ViCore.Cmdlets.Commands.GetVMHost

Doing esxi-2.xyz.com
Get-VMHost : A positional parameter cannot be found that accepts argument
'@{VMHost= esxi-2.xyz.com}'.
At C:\Users\Myself\Desktop\esxiuknownserver\ADserviceACadd.ps1:7 char:6
+ $x = Get-VMHost $VMHost -Name $VMhost.VMhost | New-VIPermission -Role ...
+      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-VMHost], ParameterBind
   ingException
    + FullyQualifiedErrorId : PositionalParameterNotFound,VMware.VimAutomation
   .ViCore.Cmdlets.Commands.GetVMHost

Raju Gunnal VCP 4, VCP 5, VTSP 4, VTSP 5, ITIL V3 http://www.techtosolution.com