Hello all,
I have ESXi connected to an AD group already.
Now I need to add one AD group to the ESXi Administrator role.
New-VIPermission
New-VIRole |
I saw a note from LucD
$oldGroup = 'domain\oldgroup'
$newGroup = 'domain\newgroup'
foreach($esx in Get-VMHost){
    $oldPerm = Get-VIPermission -Entity $esx | where {$_.Principal -eq $oldGroup -and !$_.Propagate}
    New-VIPermission -Entity $esx -Principal $newGroup -Role $oldPerm.Role -Propagate $oldPerm.Propagate -Confirm:$false
    Remove-VIPermission -Permission $oldPerm -Confirm:$false
}
But I am not able to correlate it to my case.
My ESXi are running 6.0x.
RvdNieuwendijk, thanks for the reply. The cmd ran without error, but when I tried to log in to an individual ESXi with the vSphere Client as well as SSH, it did not work.
Also, I checked the ESXi with the root login and the group is not seen in the Permissions tab, so it looks like I did not explain the question well. I think you get the idea now.
I see a note on the internet...
$HostPW = "yxz"
$DomainAdmin = "DomainAdmin"
$DomainPW = "yxz"
$ADGroup = "domain\DomainGroup"
$Domain = "domain.local"
Add-PSSnapin VMware.VimAutomation.Core
Connect-VIServer $VMHost -User root -Password $HostPW
Get-VMHostAuthentication -VMHost $VMHost | Set-VMHostAuthentication -Domain $Domain -Username $DomainAdmin -Password $DomainPW -JoinDomain -Confirm:$false
Get-VMHost $VMHost | New-VIPermission -Principal $ADGroup -Role "Admin"
Disconnect-VIServer $VMHost -Confirm:$false
==
But the above did not work for me.
I think this can be done only by logging in directly to each ESXi, "Connect-VIServer $VMHost -User root -Password $HostPW", and then adding the AD group with Admin access...
FYI, I am able to add the stuff manually, and all nodes are connected to AD already.
The following PowerCLI command adds the AD group domain\group to the administrators of all of your hosts:
Get-VMHost | New-VIPermission -Role Admin -Principal domain\group
Follow the steps below:
1. Log in to the vSphere Client.
2. On the vCenter entity root level, right-click and select Add Permission.
   The Assign Permissions window appears.
3. Select Administrator from the Assigned Role drop-down menu.
   This menu displays all the roles that are assigned to the object. When the role appears, the privileges contained in the role are listed in the section below the role title.
4. Select Propagate to Child Objects.
5. Click Add.
   The Select Users and Groups window appears.
6. Select the domain where the user or group is located from the Domain drop-down menu.
7. Type a name in the Search box or select a name from the Name list.
8. Click Add.
   The name is added to the Users or Groups list.
9. Repeat Step 6 through Step 8 to add additional users or groups.
10. Click OK.
11. To finish the task, click OK.
Euh, nice answer, but I'm not sure a GUI procedure in an automation community is really what the submitter was asking :smileygrin:
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I just tried the individual connect-vishost method again and it worked; I think when I tried last night I was half awake.
RvdNieuwendijk, can you confirm it is possible only by individual ESXi connection?
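The per-host approach the submitter reports working, written out as an added example (not code from any poster in this thread): it connects to each ESXi host directly, grants the AD group the Admin role only if it is missing, and reads the permission back to confirm it. The host names are hypothetical placeholders, the hosts are assumed to be joined to AD already, and the root password is prompted for instead of being stored in the script as in the snippet quoted above.

```powershell
# Added example; host names are hypothetical placeholders (assumption).
$esxiHosts = 'esx01.domain.local', 'esx02.domain.local'
$adGroup   = 'domain\DomainGroup'   # group name as used in the thread
$roleName  = 'Admin'

# Prompt once instead of keeping the root password in the script.
$rootCred = Get-Credential -UserName 'root' -Message 'ESXi root credentials'

$results = foreach ($name in $esxiHosts) {
    $conn = $null
    try {
        # Connect to the host itself, not to vCenter.
        $conn = Connect-VIServer -Server $name -Credential $rootCred -ErrorAction Stop
        $esx  = Get-VMHost -Server $conn

        # The thread assumes the host is already joined to AD; stop here if not.
        $auth = Get-VMHostAuthentication -VMHost $esx
        if (-not $auth.Domain) { throw 'host is not joined to a domain' }

        # Add the permission only if the group does not already hold the role.
        $existing = Get-VIPermission -Entity $esx -Server $conn |
            Where-Object { $_.Principal -eq $adGroup -and $_.Role -eq $roleName }
        if (-not $existing) {
            New-VIPermission -Entity $esx -Principal $adGroup -Role $roleName `
                -Propagate $true -Server $conn -ErrorAction Stop | Out-Null
        }

        # Read the permission back so a silent no-op is caught.
        $check = Get-VIPermission -Entity $esx -Server $conn |
            Where-Object { $_.Principal -eq $adGroup -and $_.Role -eq $roleName }
        [pscustomobject]@{ Host = $name; Granted = [bool]$check; Error = $null }
    }
    catch {
        [pscustomobject]@{ Host = $name; Granted = $false; Error = $_.Exception.Message }
    }
    finally {
        if ($conn) { Disconnect-VIServer -Server $conn -Confirm:$false }
    }
}
$results | Format-Table -AutoSize
```

Any row with Granted set to False shows the host where the permission was not applied, together with the error text.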