VMware Cloud Community
chavez9119
Contributor

Add Active Directory group to ESXi host permissions

I am trying to add an AD group as an Administrator directly to an ESXi host (not in vCenter). I tried using the following code:

$domain = "mydomain"
$group = "mygroup"
$svcaccount = $domain + "\" + $group
$folder = Get-folder -Name "ha-folder-root"
$authMgr = Get-View AuthorizationManager
$perm = New-Object VMware.Vim.Permission
$perm.principal = $svcaccount
$perm.propagate = $true
$perm.group = $true
$perm.roleid = ($authMgr.RoleList | where{$_.Name -eq "Admin"}).RoleId
$authMgr.SetEntityPermissions(($folder | Get-View).MoRef, $perm)

I get the following error:

You cannot call a method on a null-valued expression.

$authMgr.SetEntityPermissions <<<< (($folder | Get-View).MoRef, $perm)


Accepted Solutions
ykalchev
VMware Employee

When connected to ESX the Id of the AuthorizationManager is "AuthorizationManager-ha-authmgr" so you cannot use the shortest Get-View expression:

$authMgr = Get-View AuthorizationManager

The safe way to get the AuthorizationManager view is through the ServiceInstance object:

$si = Get-View ServiceInstance
$authMgr = Get-View $si.Content.AuthorizationManager

Regards,

Yasen Kalchev

PowerCLI Dev Team

Yasen Kalchev, vSM Dev Team

4 Replies
RvdNieuwendijk
Leadership

It looks like the folder ha-folder-root cannot be found. I have added some error handling to your script. Can you try it and see if you still get the same error message?

$domain = "mydomain"
$group = "mygroup"
$svcaccount = $domain + "\" + $group

$folder = Get-folder -Name "ha-folder-root"
If ($folder) 
{
  $authMgr = Get-View AuthorizationManager
  $perm = New-Object VMware.Vim.Permission
  $perm.principal = $svcaccount
  $perm.propagate = $true
  $perm.group = $true
  $perm.roleid = ($authMgr.RoleList | where{$_.Name -eq "Admin"}).RoleId
  $authMgr.SetEntityPermissions(($folder | Get-View).MoRef, $perm)
}
else
{
  Write-Error "Folder ha-folder-root not found."
}

Regards, Robert

Blog: https://rvdnieuwendijk.com/ | Twitter: @rvdnieuwendijk | Author of: https://www.packtpub.com/virtualization-and-cloud/learning-powercli-second-edition
chavez9119
Contributor

Same error

You cannot call a method on a null-valued expression.

At :line:18 char:31

+ $authMgr.SetEntityPermissions <<<< (($folder | Get-View).MoRef, $perm) } else {

chavez9119
Contributor

Thanks, changing it to the ServiceInstance object worked.

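The accepted fix applied to the original script, as an added example that is not code from any poster in this thread. It goes one step beyond the thread by reading the permissions back after the change, so the resulting Admin grant on the host can be reviewed. It assumes Connect-VIServer has already been run against the ESXi host itself, that the host is joined to the domain, and that "mydomain" and "mygroup" are the thread's placeholders.

```powershell
# Added example. Assumes an existing Connect-VIServer session to the ESXi host
# (not vCenter). 'mydomain\mygroup' is the placeholder principal from the thread.
$ErrorActionPreference = 'Stop'

$principal = 'mydomain\mygroup'
$roleName  = 'Admin'

# Resolve the AuthorizationManager through ServiceInstance, so the lookup does not
# depend on the object Id ("AuthorizationManager-ha-authmgr" on a direct ESX connection).
$si      = Get-View ServiceInstance
$authMgr = Get-View $si.Content.AuthorizationManager

# Check every lookup before use, so a $null never reaches the method call.
$folder = Get-Folder -Name 'ha-folder-root'
if (-not $folder) { throw 'Folder ha-folder-root not found.' }

$role = $authMgr.RoleList | Where-Object { $_.Name -eq $roleName }
if (-not $role) { throw "Role '$roleName' not found on this host." }

$entity = ($folder | Get-View).MoRef

$perm           = New-Object VMware.Vim.Permission
$perm.Principal = $principal
$perm.Group     = $true      # the principal is a group, not a user
$perm.Propagate = $true      # applies to all child objects of the root folder
$perm.RoleId    = $role.RoleId

$authMgr.SetEntityPermissions($entity, @($perm))

# Read back what is now set directly on the root folder and list it with role names,
# so every principal holding a role on the host is visible for review.
$roleNames = @{}
$authMgr.RoleList | ForEach-Object { $roleNames[$_.RoleId] = $_.Name }

$current = $authMgr.RetrieveEntityPermissions($entity, $false)
$current | Select-Object Principal, Group, Propagate,
    @{ Name = 'Role'; Expression = { $roleNames[$_.RoleId] } } | Format-Table -AutoSize

# Assumption: the host reports the principal in the same DOMAIN\group form it was given.
$match = $current | Where-Object { $_.Principal -eq $principal -and $_.RoleId -eq $role.RoleId }
if (-not $match) { Write-Warning "No entry for $principal with role $roleName was read back." }
```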