I was looking to add an AD group to an ESXi host scripting it in. Don't want to use profiles as we would script all the post configs into the host and create the profile from there. The host will already be joined to the domain at that point in the script.
Get-VIAccount -Domain <Domain> -Group <Domain Group> ?
Thank you,
You mean something like this?
You should be connected to the ESXi node.
$rootFolder = Get-Folder -Name root
$user = 'domain\group'
$role = Get-VIRole -Name admin
New-VIPermission -Entity $rootFolder -Principal $user -Role $role -Propagate $true -Confirm:$false
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD
Thank you for your reply. Here is what im getting:
New-VIPermission : <Date> New-VIPermission Could not find VIAccount with name
'Domain Names\AD Group'. Actual domain name and group being used.
Here is the script im running:
import-module vmware.vimautomation.core
Connect-VIServer -Server <Server Name>
$rootFolder = Get-Folder -Name root
$user = 'Domain\Domain Group'
$role = Get-VIRole -Name admin
New-VIPermission -Entity $rootFolder -Principal $user -Role $role -Propagate $true -Confirm:$false
Is the AD domain is added as an authentication authority?
Do you see the AD users and groups when you do
Get-VIAccount -Domain <NetBios-domain-name>
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
You can also check via the Web Client.
Home - System Configuration - Nodes - <Select the vCenter> - Active Directory
Does that show the AD domain to which the VCSA should be connected?
If not, you join the VCSA to the domain via the same page.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD
Ok figured it out...
$rootFolder = Get-Folder -Name root
$user = 'Domain\Domain Group'
$role = Get-VIRole -Name admin
New-VIPermission -Entity $rootFolder -Principal $user.name -Role $role -Propagate $true -Confirm:$false
This works on 6.5 hosts after upgrading them from 5.5..!!
Thank you for your help..!!