Is there any way to list users, create users and reset the password for user accounts on an ESXi server? I can possibly use SSH, but I am looking for any vRO vCenter object that can run commands on the ESXi host. I think even esxcli still needs SSH to be enabled to connect to.
These might be useful -
Class VcHostAccessManager
Managed object used to control direct access to the host.
This should be used to control users and privileges on the host directly, which are different from the users and privileges defined in vCenter.
Link - vRO API Explorer by Dr Ruurd and Flores of ITQ
There is a method on this class to list users that can access the host and their privileges
Looks like this one then can manage those users
Class VcHostLocalAccountManager
This managed object type provides an interface through which local accounts on a host are managed. Note that this managed object applies only to applications that use a local account database on the host to provide authentication (ESX Server, for example). POSIX and win32 hosts may impose different restrictions on the password, ID, and description formats. POSIX host implementation may restrict the user or group name to be lower case letters and less than 16 characters in total. It may also disallow characters such as ";", "\n", and so on. In short, all the platform dependent rules and restrictions regarding naming of users/groups and password apply here. An InvalidArgument fault is thrown if any of these rules are not obeyed.
Link - vRO API Explorer by Dr Ruurd and Flores of ITQ
Links should point to vroapi.com
HTH
Thank you eoinbyrne. I will try this and post the findings.
What is/are the parent object(s) to get this object VcHostAccessManager? I have tried with VC:HostSystem, it did not work. I must be missing some other cascaded objects in between, I believe. Any idea?
host.configManager.hostAccessManager
Thanks, I am able to list the local users, but do not see any explicit method for changing the password. I see updateSystemUsers, but do not see any arguments to pass the password. I also need to create a new user. Is it just adding a user name in the arguments of the updateSystemUsers method?
I found more information and I see VcHostLocalAccountManager uses VcHostAccountSpec to update the user and password, but I am trying to figure out how to instantiate this object. Please share if you have an example for VcHostAccountSpec.
VcHostAccountSpec is a data object with both no-arg and all-args constructors, so you should be able to instantiate it using either of the following ways:
var spec = new VcHostAccountSpec("userid", "userpassword", "some description")
or
var spec = new VcHostAccountSpec();
spec.id = "userid";
spec.password = "userpassword";
spec.description = "some description";
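Added example, not part of the original replies and not VMware or plugin code: a pre-flight check for the spec before it is passed to createUser, plus a redacted copy so the password never lands in the workflow log. The limits are assumptions taken from the restrictions the VcHostLocalAccountManager description above says a POSIX host may impose; `validateAccountSpec` and `redactAccountSpec` are hypothetical helper names.

```javascript
// Added example: helper names and limits are assumptions, not plugin API.
// Written in ES5 so it also runs in a vRO scriptable task.
var MAX_ID_LENGTH = 15; // "less than 16 characters in total"

// Returns a list of problems; an empty list means the spec passed.
function validateAccountSpec(spec) {
    var problems = [];
    var id = spec ? spec.id : null;
    var password = spec ? spec.password : null;
    var description = spec ? spec.description : null;

    if (typeof id !== "string" || id.length === 0) {
        problems.push("id is required");
    } else {
        if (id.length > MAX_ID_LENGTH) {
            problems.push("id must be shorter than 16 characters");
        }
        if (!/^[a-z]+$/.test(id)) {
            problems.push("id must contain only lower case letters");
        }
    }
    if (typeof password !== "string" || password.length === 0) {
        problems.push("password is required");
    } else if (/[\r\n]/.test(password)) {
        problems.push("password contains a line break");
    }
    if (typeof description === "string" && /[;\r\n]/.test(description)) {
        problems.push("description contains ';' or a line break");
    }
    return problems;
}

// Copy that is safe to log: the password value never reaches the log.
function redactAccountSpec(spec) {
    return {
        id: spec.id,
        password: spec.password ? "<redacted>" : "<empty>",
        description: spec.description
    };
}

// Usage inside vRO, with host being the VC:HostSystem from the thread and
// pw coming from a SecureString workflow input (assumption):
//   var spec = new VcHostAccountSpec("svcbackup", pw, "backup account");
//   var problems = validateAccountSpec(spec);
//   if (problems.length > 0) { throw "Invalid spec: " + problems.join(", "); }
//   System.log("Creating user " + JSON.stringify(redactAccountSpec(spec)));
//   host.configManager.accountManager.createUser(spec);
```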
Thanks. I have drilled down the VcHostSystem further and am able to create the user on ESXi.
host.configManager.accountManager.createUser(userSpecsObj)
As it returns null when created, I need to check back to see if the user is really created or not. Why is this object missing a getUsers property?
When I used configManager.hostAccessManager.querySystemUsers it is really returning the default system accounts, not user created accounts. Is there any equivalent to list user created "user accounts"? Similarly I also need the getUserGroups too.
It seems adding an ESXi local user to a group is not supported. I got an error saying not supported, as given in the description of the method.
Checked the VC API documentation and the group related methods are all deprecated since 5.1
The methods to add / remove / update a single user are still available it seems but not sure if that suits your use case?
Also, I find it interesting / alarming that the generated documentation on vroapi.com does not reflect the Deprecation warnings for the plugin classes and methods. Must make sure to keep that in mind for future.
-Eoin
Thanks Eoin for checking. So that means there is no way to give the newly created user admin-level privileges using the vRO vCenter API (I am trying to avoid an extra host to manage, like a PowerShell host to run PowerCLI)? Any idea about why
System.log(host.configManager.hostAccessManager.querySystemUsers());
is only displaying system users, not the user-created users (da, it is system users, but I do not see another method to list all users)?
Might these methods (adding users, listing users, etc.) also get deprecated in the next releases?
How do I elevate the user permissions to "admin"? Which vRO object has that method?