VMware Cloud Community
esxi1979
Expert

Add AD group as Administrator on esxi

Hello All

I have ESXi connected to AD group already.

Now I need to add one AD group to ESXi Administrator.

New-VIPermission

New-VIRole

I saw a note from LucD

$oldGroup = 'domain\oldgroup'
$newGroup = 'domain\newgroup'

foreach($esx in Get-VMHost){
    # Find the non-propagating permission held by the old group on this host
    $oldPerm = Get-VIPermission -Entity $esx | where {$_.Principal -eq $oldGroup -and !$_.Propagate}
    # Give the new group the same role and propagation setting, then drop the old entry
    New-VIPermission -Entity $esx -Principal $newGroup -Role $oldPerm.Role -Propagate $oldPerm.Propagate -Confirm:$false
    Remove-VIPermission -Permission $oldPerm -Confirm:$false
}

But I am not able to correlate it to my case.

My ESXi are running 6.0x.

1 Solution

Accepted Solutions
esxi1979
Expert

RvdNieuwendijk, thanks for the reply. The cmd ran without error, but when I try to log in to an individual ESXi with the vSphere Client as well as SSH, it did not work.

Also, I checked the ESXi with root login and the group is not seen in the Permissions tab, so it looks like I did not explain the question well. I think you got the idea now.

I see a note on the internet:

# Placeholder values from the note
$VMHost        = "hostname.domain.local"
$HostPW        = "yxz"
$DomainAdmin   = "DomainAdmin"
$DomainPW      = "yxz"
$ADGroup       = "domain\DomainGroup"
$Domain        = "domain.local"

Add-PSSnapin VMware.VimAutomation.Core

# Connect directly to the ESXi host as root
Connect-VIServer $VMHost -User root -Password $HostPW

# Join the host to the domain
Get-VMHostAuthentication -VMHost $VMHost | Set-VMHostAuthentication -Domain $Domain -Username $DomainAdmin -Password $DomainPW -JoinDomain -Confirm:$false

# Grant the AD group the Admin role on the host
Get-VMHost $VMHost | New-VIPermission -Principal $ADGroup -Role "Admin"

Disconnect-VIServer $VMHost -Confirm:$false

==

But the above did not work for me.

I think this can be done only by logging in directly to each ESXi, "Connect-VIServer $VMHost -User root -Password $HostPW", and then adding the AD group with Admin access ...

FYI, I am able to add the stuff manually, and all nodes are connected to AD already.


5 Replies
RvdNieuwendijk
Leadership

The following PowerCLI command adds the AD group domain\group to the administrators of all of your hosts:

Get-VMHost | New-VIPermission -Role Admin -Principal domain\group

Blog: https://rvdnieuwendijk.com/ | Twitter: @rvdnieuwendijk | Author of: https://www.packtpub.com/virtualization-and-cloud/learning-powercli-second-edition
sachu2017
Enthusiast

Follow the steps below:

1. Log in to the vSphere Client.
2. On the vCenter entity root level, right-click and select Add Permission. The Assign Permissions window appears.
3. Select Administrator from the Assigned Role drop-down menu. This menu displays all the roles that are assigned to the object. When the role appears, the privileges contained in the role are listed in the section below the role title.
4. Select Propagate to Child Objects.
5. Click Add. The Select Users and Groups window appears.
6. Select the domain where the user or group is located from the Domain drop-down menu.
7. Type a name in the Search box or select a name from the Name list.
8. Click Add. The name is added to the Users or Groups list.
9. Repeat Step 6 through Step 8 to add additional users or groups.
10. Click OK.
11. To finish the task, click OK.

0 Kudos
LucD
Leadership

Euh, nice answer, but I'm not sure a GUI procedure in an automation community is really what the submitter was asking :smileygrin:


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

esxi1979
Expert

I just tried the individual connect-vishost method again & it worked. I think last night when I tried I was half awake :)

RvdNieuwendijk, can you confirm it is possible only by individual ESXi connection?
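
The per-host approach this thread ends on, as an added example (not code from any poster): it connects to each ESXi host directly, confirms the host is joined to a domain, adds the group only if it is missing, and reports the result per host. The host names and group name are placeholders, PowerCLI is assumed to be loaded already, and the root password is prompted for instead of being stored in the script.

```powershell
# Added example: grant an AD group the Admin role locally on each ESXi host.
# Host names and the group name are placeholders; PowerCLI is assumed loaded.
$esxHosts = 'esx01.domain.local', 'esx02.domain.local'   # placeholder names
$adGroup  = 'domain\DomainGroup'                         # placeholder group
$rootCred = Get-Credential -UserName root -Message 'ESXi root credential'

$results = foreach ($name in $esxHosts) {
    $conn = $null
    try {
        # Connect to the host itself, not to vCenter
        $conn = Connect-VIServer -Server $name -Credential $rootCred -ErrorAction Stop
        $esx  = Get-VMHost -Server $conn

        # The host must already be joined to AD, or the principal cannot be resolved
        $auth = Get-VMHostAuthentication -VMHost $esx -Server $conn
        if (-not $auth.Domain) { throw "$name is not joined to a domain" }

        # Add the permission only if it is missing, so re-runs are harmless
        $perm = Get-VIPermission -Entity $esx -Server $conn |
                Where-Object { $_.Principal -eq $adGroup }
        if (-not $perm) {
            $perm = New-VIPermission -Entity $esx -Principal $adGroup -Role 'Admin' `
                        -Propagate $true -Server $conn -ErrorAction Stop
        }
        [pscustomobject]@{ Host = $name; Principal = $perm.Principal
                           Role = $perm.Role; Status = 'OK' }
    }
    catch {
        [pscustomobject]@{ Host = $name; Principal = $adGroup
                           Role = $null; Status = "Failed: $($_.Exception.Message)" }
    }
    finally {
        # Always drop the root session, even when a step failed
        if ($conn) { Disconnect-VIServer -Server $conn -Confirm:$false }
    }
}
$results | Format-Table -AutoSize
```

A host that shows `Failed` keeps its existing permissions untouched, so the script can be re-run after the cause is fixed.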