VMware Cloud Community
dharmendrarhce
Enthusiast

Add ESXi in Domain & change password of root

Hi ,

I am looking for a script for the below tasks in PowerCLI

1- Script to add all ESXi Hosts in a vCenter to Domain for authentication (script should have an option to re-add a host to domain if it was already part of domain, but authentication is failing)

2- Retrieve last date of root password change from all ESXi hosts in a vCenter

3- Change the root password (with a randomly generated password meeting password complexity policy) of all ESXi hosts if the last password change date is more than 80 days and generate the output with the new passwords to update in password repository.

31 Replies
LucD
Leadership

To check the password changes, can you run the following and check if it includes the ESXi node(s) where you recently changed the password?

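foreach($line in Import-Csv -Path .\esxNames.csv -UseCulture){
    # Password-change events from the last 80 days for the user on this CSV row.
    # $esx is not set in this snippet; it has to hold the ESXi host for the current row.
    $pswdChange = Get-VIEvent -Start (Get-Date).AddDays(-80) |
    Where{$_ -is [VMware.Vim.UserPasswordChanged] -and
              $_.UserName -eq $line.User -and
              $_.Host.Name -eq $esx.Name}
    $pswdChange | Select CreatedTime,UserLogin,@{N='VMHost';E={$_.Host.Name}},username
}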


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

dharmendrarhce
Enthusiast

It is not showing any result. Please see the attachment.

pastedImage_0.png

LucD
Leadership

Are we talking about the last snippet?

The password change events?


dharmendrarhce
Enthusiast

Yes, the password change one. I think "VMware.Vim.UserPasswordChanged" is not available; that's why it is not giving any output. How can we validate that "VMware.Vim.UserPasswordChanged"?

================

foreach($line in Import-Csv -Path .\esxNames.csv -UseCulture){
    $pswdChange = Get-VIEvent -Start (Get-Date).AddDays(-80) |
    Where{$_ -is [VMware.Vim.UserPasswordChanged] -and
              $_.UserName -eq $line.User -and
              $_.Host.Name -eq $esx.Name}
    $pswdChange | Select CreatedTime,UserLogin,@{N='VMHost';E={$_.Host.Name}},username
}

LucD
Leadership

I think it might be due to the missing MaxSamples parameter.

Try with this one

# Without -MaxSamples, Get-VIEvent returns only the first 100 events.
Get-VIEvent -Start (Get-Date).AddDays(-80) -MaxSamples ([int]::MaxValue) |
Where{$_ -is [VMware.Vim.UserPasswordChanged]} |
Select CreatedTime,UserLogin,@{N='VMHost';E={$_.Host.Name}},username


dharmendrarhce
Enthusiast

Let me check and update you soon.

dharmendrarhce
Enthusiast

This is what I am getting. Please check the output below.

pastedImage_1.png

dharmendrarhce
Enthusiast

Could you please put all the pieces together and share them with me? I hope you understand my requirement.

LucD
Leadership

I updated the script I posted earlier.
The Get-VIEvent now has the MaxSamples parameter and the Export-Csv writes the result out. Can you test and check what else might be missing?


dharmendrarhce
Enthusiast

Thanks for your quick response.

I will test and update you. One thing, if you can also help: can I get the date of the last password change printed in the output, whether the password is changed or not?

Like

Password not changed for $esx , Last password change date was $date

Password has been changed for $esx , Last password change date was $date

One more thing:

Will the script pick up the new password for the AD group change, or else can we put the AD group add before the password change: first domain join, then add AD group, then password change?

LucD
Leadership

The date for the last password change, when within the last 80 days, is now included.

When it was longer than 80 days, it depends on how long you keep Events in your environment.

For the moment there is no date for longer than 80 days included.

Yes, the DA group will use the new password.

During the password change, or not, the password is stored in $pswd, which is used to connect to the ESXi node and add the AD group.

No change needed.

The last complete version of the script in this thread was updated.


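The check discussed in the reply above (last root password change per host, with the date known only while the event is still retained), as an added PowerShell example that is not part of the thread or of the script it refers to. Get-RootPasswordAge, New-SampleEvent, the host names and the sample events are constructed for illustration, and the code assumes UserLogin names the account whose password was changed.

```powershell
# Added example, not from the thread. Get-RootPasswordAge is a hypothetical name.
function Get-RootPasswordAge {
    param(
        [string[]]$VMHostName,        # ESXi hosts to report on
        [object[]]$PasswordEvent,     # UserPasswordChanged events from Get-VIEvent
        [string]$User = 'root',
        [int]$MaxAgeDays = 80,
        [datetime]$Now = (Get-Date)
    )
    foreach ($name in $VMHostName) {
        # Newest retained change event for this host; UserLogin is assumed to be the changed account.
        $last = $PasswordEvent |
            Where-Object { $_.Host.Name -eq $name -and $_.UserLogin -eq $User } |
            Sort-Object -Property CreatedTime -Descending |
            Select-Object -First 1
        if ($last) {
            $date = $last.CreatedTime
            $age  = [math]::Floor(($Now - $date).TotalDays)
            $due  = $age -gt $MaxAgeDays
        } else {
            # No event found: the change is older than the query window or the
            # event was purged, so the date is unknown and a change is due.
            $date = $null; $age = $null; $due = $true
        }
        [pscustomobject]@{
            VMHost     = $name
            LastChange = $date
            AgeDays    = $age
            ChangeDue  = $due
        }
    }
}

# Constructed sample events standing in for the live query:
#   Get-VIEvent -Start $start -MaxSamples ([int]::MaxValue) |
#       Where-Object { $_ -is [VMware.Vim.UserPasswordChanged] }
$now = [datetime]::new(2024, 6, 1)
function New-SampleEvent($HostName, $Login, $DaysAgo) {
    [pscustomobject]@{ CreatedTime = $now.AddDays(-$DaysAgo); UserLogin = $Login
                       Host = [pscustomobject]@{ Name = $HostName } }
}
$events = @(
    New-SampleEvent 'esx01.example.test' 'root' 60
    New-SampleEvent 'esx01.example.test' 'root' 12
    New-SampleEvent 'esx02.example.test' 'root' 95
    New-SampleEvent 'esx03.example.test' 'svc-backup' 3
)
Get-RootPasswordAge -VMHostName 'esx01.example.test','esx02.example.test','esx03.example.test' `
    -PasswordEvent $events -Now $now | Format-Table -AutoSize
```

With the 80-day query window used in the thread, a host with no matching event reports ChangeDue with an empty LastChange; querying a longer window fills in the date only as far back as vCenter retains events.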
dharmendrarhce
Enthusiast

Much appreciated for your solution. I will test it and update you. Thank you very much.
