I am trying to add an AD group as an Administrator directly to an ESXi host (not in vCenter). I tried using the following code:
$domain = "mydomain"
$group = "mygroup"
$svcaccount = $domain + "\" + $group
$folder = Get-folder -Name "ha-folder-root"
$authMgr = Get-View AuthorizationManager
$perm = New-Object VMware.Vim.Permission
$perm.principal = $svcaccount
$perm.propagate = $true
$perm.group = $true
$perm.roleid = ($authMgr.RoleList | where{$_.Name -eq "Admin"}).RoleId
$authMgr.SetEntityPermissions(($folder | Get-View).MoRef, $perm)
I get the following error :
You cannot call a method on a null-valued expression.
$authMgr.SetEntityPermissions <<<< (($folder | Get-View).MoRef, $perm)
When connected to ESX the Id of the AuthorizationManager is "AuthorizationManager-ha-authmgr" so you cannot use the shortest Get-View expression:
$authMgr = Get-View AuthorizationManager
The safe way to get authorizationManager view is through ServiceInstance object:
$si = Get-View ServiceInstance $authMgr = Get-View $si.Content.AuthorizationManager
Regards,
Yasen Kalchev
PowerCLI Dev Team
It looks like the folder ha-folder-root can not be found. I have added some error handling to your script. Can you try it and see if you still get the same error message?
$domain = "mydomain" $group = "mygroup" $svcaccount = $domain + "\" + $group $folder = Get-folder -Name "ha-folder-root" If ($folder) { $authMgr = Get-View AuthorizationManager $perm = New-Object VMware.Vim.Permission $perm.principal = $svcaccount $perm.propagate = $true $perm.group = $true $perm.roleid = ($authMgr.RoleList | where{$_.Name -eq "Admin"}).RoleId $authMgr.SetEntityPermissions(($folder | Get-View).MoRef, $perm) } else { Write-Error "Folder ha-folder-root not found." }
Regards, Robert
Same error
You cannot call a method on a null-valued expression.
At :line:18 char:31
+ $authMgr.SetEntityPermissions <<<< (($folder | Get-View).MoRef, $perm) } else {
When connected to ESX the Id of the AuthorizationManager is "AuthorizationManager-ha-authmgr" so you cannot use the shortest Get-View expression:
$authMgr = Get-View AuthorizationManager
The safe way to get authorizationManager view is through ServiceInstance object:
$si = Get-View ServiceInstance $authMgr = Get-View $si.Content.AuthorizationManager
Regards,
Yasen Kalchev
PowerCLI Dev Team
Thanks, changing it to the ServiceInstance object worked.