Re: Check User history

antoniogemelli · ‎01-25-2018

Hello, There is a way to check with powershell script user history? Is possible to check who deactivate /modified or delete User ? Thanks

LucD · ‎01-25-2018

Which kind of users are you talking about?

Local on the vCenter or ESXi node, or in the SSO domain?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

antoniogemelli · ‎01-25-2018

Local user

LucD · ‎01-25-2018

On the vCenter or ESXi node(s)?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

antoniogemelli · ‎01-25-2018

vcenter

LucD · ‎01-25-2018

You would have to check the logs of the OS on which the vCenter is running.

But afaik there is no method to query that info via a vSphere API.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

LucD · ‎01-25-2018

Or do you actually mean the Principals that are used in Permission assignments on the vCenter?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

antoniogemelli · ‎01-25-2018

I would like to check if the account was in vcenter before give permission and why disappear (maybe expired?)

LucD · ‎01-25-2018

Like I mentioned earlier, there are afaik no public API to retrieve that information from the PSC.

One option, but which is rather circumstantial, is to forward the logs of the VCSA to LogInsight, and then use the LogInsight API to query the content of the logs.

William did a great post on the subject in Auditing/Logging vCenter Server authentication & authorization activities

See also Re: Get SSO Config inromation with PowerCLI for further info on this.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

All

Check User history