Hello community,
I have this committment
Enviroment : Multiple vcenters from 4.1 to 6.5
Requests:
Until now i know i can create users on multiple hosts by New-VMHostAccount using PowerCli, i can change UID with ssh command /usr/lib/vmware/auth/bin/chuid and assign them to Administrator role via vsphere client.
Seems there is no way to do all of it using only PowerCli and seems there is no way at all to change the GID for 5.1 and above.
Please, prove me i am wrong (i am sure i am...)
Thanks
Fabio
As I tried to explain before, the name of the 'root' folder has changed in the different ESXi versions.
In your case you will need to use ha-root-folder instead of root.
The script should be
$user = New-VMHostAccount -Server $esxSrv -Id testuser1 -Password VMware1! -UserAccount -GrantShellAccess
$rootFolder = Get-Folder -Name ha-folder-root -Server $esxSrv
$role = Get-VIRole -Name Admin -Server $esxSrv
New-VIPermission -Entity $rootFolder -Principal $user -Role $role
Disconnect-VIServer -Server $esxSrv -Confirm:$false
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You are right, local groups are abolished since 5.1.
You can give a new user the required rights by using the role.
Note that you need to connect to the ESXi node to use New-VMHostAccount for ESXi users.
Also note that the root folder has been having different names in different ESXi versions (in 6.7 it is 'root').
Doing this for 2 user accounts is trivial I assume.
$user = New-VMHostAccount -Server $esxSrv -Id testuser1 -Password VMware1! -UserAccount -GrantShellAccess
$rootFolder = Get-Folder -Name root -Server $esxSrv
$role = Get-VIRole -Name Admin -Server $esxSrv
New-VIPermission -Entity $rootFolder -Principal $user -Role $role
Disconnect-VIServer -Server $esxSrv -Confirm:$false
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD, is there a way to integrate the UID assignment or do i have to treat it as a different task?
Fabio
No, not with the PowerCLI cmdlet, nor with any of the ESXi commands (like esxcli, vicfg-user...).
The concept of a uid for an ESXi user is abandoned after ESXi 5.1 afaik.
You can go in the /etc/passwd file and change the value there, but I suspect it has no use and might be overwritten after a reboot.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hello LucD
I managed to run it for multiple hosts, of for user create but i still have issues for role assignment
This is what i'm using right now
$esxSrv="HOST2","HOST2"
Foreach ($esxSrv In $esxSrv)
{
Connect-VIServer -Server $esxSrv -User root -Password @@@@
$user = New-VMHostAccount -Server $esxSrv -Id testuser2 -Password VMware1! -UserAccount -GrantShellAccess
$rootFolder = Get-Folder -Name root -Server $esxSrv
$role = Get-VIRole -Name Admin -Server $esxSrv
New-VIPermission -Role Admin -Principal testuser2 -Entity $rootFolder
Disconnect-VIServer -Server $esxSrv -Confirm:$false
}
I have this error
I tried using the ha-folder-root as root folder but i got this instead
Checked with Get-ViAccount and i get
What am i missing?
Thanks
When you are connected to an ESXi node, you need to give the permission on the 'root' folder.
But they changed the name of the 'root' folder in recent ESXi versions.
It could be 'ha-root-folder' instead of 'root'.
Connect to an ESXi node and do a Get-Folder, you should see what the name is in the ESXi version you are using.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I already tried it, maybe you missed in the other post, this single command's output.
I think i am missing some stupid thing, i am sorry but my powercli expertise is quite low
Can you show the output of the Get-Folder cmdlet, not the Get-VIAccount?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Sure
As I tried to explain before, the name of the 'root' folder has changed in the different ESXi versions.
In your case you will need to use ha-root-folder instead of root.
The script should be
$user = New-VMHostAccount -Server $esxSrv -Id testuser1 -Password VMware1! -UserAccount -GrantShellAccess
$rootFolder = Get-Folder -Name ha-folder-root -Server $esxSrv
$role = Get-VIRole -Name Admin -Server $esxSrv
New-VIPermission -Entity $rootFolder -Principal $user -Role $role
Disconnect-VIServer -Server $esxSrv -Confirm:$false
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Sorry LucD, but is exactly what i did if you look at the screens
It looks like you are connected to multiple servers.
Check what is in $global:defaultVIServers, and make sure there are no connections open before you run the script.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Maybe something in the syntax?
New-VIPermission -Entity ha-folder-root -Role Admin -Principal testuser
No, you are not doing what I provided.
You have to get the folder in a variable and the role as well.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference