Hi ,
I am looking for a script for below task in powercli
1- Script to add all ESXi Hosts in a vCenter to Domain for authentication (script should have an option to re-add a host to domain if it was already part of domain, but authentication is failing)
2- Retrieve last date of root password change from all ESXi hosts in a vCenter
3- Change the root password (with a randomly generated password meeting password complexity policy) of all ESXi hosts if the last password change date is more than 80 days and generate the output with the new passwords to update in password repository.
To check the password changes, can you run the following and check if it includes the ESXi node(s) where you recently changed the password?
foreach($line in Import-Csv -Path .\esxNames.csv -UseCulture){
$pswdChange = Get-Vievent -Start (Get-Date).AddDays(-80) |
Where{$_ -is [VMware.Vim.UserPasswordChanged] -and
$_.UserName -eq $line.User -and
$_.Host.Name -eq $esx.Name}
$pswdChange | Select CreatedTime,UserLogin,@{N='VMHost';E={$_.Host.Name}},username
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
it is not showing any result . Please see the attachment.
Are we talking about the last snippet?
The password change events?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Yes .. Password change one . I think " VMware.Vim.UserPasswordChanged " is not available that's why it is not giving any out put . How can we validate that " VMware.Vim.UserPasswordChanged "
================
foreach($line in Import-Csv -Path .\esxNames.csv -UseCulture){
$pswdChange = Get-Vievent -Start (Get-Date).AddDays(-80) |
Where{$_ -is [VMware.Vim.UserPasswordChanged] -and
$_.UserName -eq $line.User -and
$_.Host.Name -eq $esx.Name}
$pswdChange | Select CreatedTime,UserLogin,@{N='VMHost';E={$_.Host.Name}},username
I think it might be due to the missing MaxSamples parameter.
Try with this one
Get-Vievent -Start (Get-Date).AddDays(-80) -MaxSamples ([int]::MaxValue) |
Where{$_ -is [VMware.Vim.UserPasswordChanged] |
Select CreatedTime,UserLogin,@{N='VMHost';E={$_.Host.Name}},username
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
let me check and update you soon
This is what i am getting , Please check below out put .
Could you please put all peaces together and share with me . I hope you got understanding of my requirement.
I updated the script I posted earlier.
The Get-VIEvent now has the MaxSamples parameter and the Export-Csv writes the result out.Can you test an check what else might be missing?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks for your quick response .
I will test and update you . One thing if you ca also help , can i get the date print in output when last time password change before changing password or not changing.
Like
Password not changed for $esx , Last password change date was $date
Password has been changed for $esx , Last password change date was $date
one more things
Will the script pick the new password for AD group changed or else can we put AD group add before password change , 1st Domain join then add AD group then password change
The date for the last password change, when within the last 80 days, is now included.
When it was longer than 80 days, it depends how long you keep Events in your environment.
For the moment there is no date for longer than 80 days included.
Yes, the DA group will use the new password.
During the password change, or not, the password is stored in $pswd, which is used to connect to the ESXi node and add the AD group.
No change needed.
The last complete version of the script in this thread was updated.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
much appreciated for your solution . I will test it and update you . Thank you very much .