VMware Cloud Community
emcclure
Enthusiast
Enthusiast
‎08-30-2019 10:17 AM
Jump to solution

Add a user to a specific folder that exists in multiple vCenters

So this is kind of based on this thread: Trying to get a PowerCLI script to run on multiple vCenters at once

I now need to take the script and modify it so specific users can be added to a specific folder on multiple vCenters.  The vCenters are setup the same under 1 particular datacenter, same folders, sub folder structure, etc.  Whereas the previous script would add the permission to the particular folder that existed on only one of the vCenters I need this to add a user to both.  I've tried playing around with the array and specifying other options, like New-VIPermission -Entity myfolder -Server $viservers -Principal $usertoadd -Role VirtualMachineUser -Propagate:$true but I just get this:

New-VIPermission : 8/30/2019 10:11:25 AM        New-VIPermission  The specified parameter 'Entity' expects a single value, but your name criteria 'myfolder' corresponds to multiple values.

I'm sure it's something very simple, but I'm not sure of what the right fix is exactly for this.  I thought I could create another array in the param section from the previous script and have something like: [array]$folder = (Get-Folder -Name myfolder)

But that didn't work.  Any help appreciated.

Thanks.

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎09-03-2019 10:08 AM
Jump to solution

Can't you simplify that part?

Something like this (provided I understood the desired logic correctly)

$answer = ''

while ($answer -ne 'Q')

{

   Write-Host "Please select an option"

   Write-Host "1 - Do the user selection"

   Write-Host "Q - Exit the script"

   $answer = (Read-Host -Prompt "Your reply").ToUpper()

   if ($answer -eq '1')

   {

     $usertoadd = Read-Host = "Enter the username in domain\user format to add to the folder"


     if (Get-VIPermission -Principal $usertoadd -Server $viservers.Name)

     {

       Get-Folder -Name myfolder -Server $viservers.Name |

       New-VIPermission -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true

     }

   }

}

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
11 Replies
emcclure
Enthusiast
Enthusiast
‎08-30-2019 04:40 PM
Jump to solution

I currently have this for my code after trying to look around at some other examples, and it acts like it's done something, but when I check the folder I don't see the user I just tried to add.

param(

[array]$viservers = ("vcenter.domain", "vcenter2.domain")

)

if (!(Get-Module -ListAvailable -Name VMware.PowerCLI)) {
    Install-Module -Name VMware.PowerCLI -Force -Scope CurrentUser -Confirm:$false
    Import-Module VMware.PowerCLI -Force
}

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

$creds = Get-Credential -Message "Enter your vCenter credentials" -UserName "$($env:USERDNSDOMAIN)\$($env:USERNAME)"

$vSphereConns+= Connect-VIServer -Server $viservers -Credential $creds

#$folder = @(Get-Folder -Type VM -Name myfolder)

while($true){
    $endAnswer = '1'
    while($endAnswer -ne 'Q'){
        if($endAnswer -eq '1'){
            $usertoadd = Read-Host = "Enter the username in domain\user format to add to the folder"
              
        }
  
  $perm = Get-VIPermission -Principal $usertoadd -Server $viservers.Name
  if(!$perm){
   $root = Get-Folder -Name myfolder -Server $viservers.Name
  New-VIPermission -Entity $root -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true
   }
        write-host "Please select an option"
        Write-Host "1 - Go back to the user selection"
  Write-Host "Q - Exit the script"
        $endAnswer = ''
        while('1','Q' -notcontains $endAnswer){
            $endAnswer = (Read-Host -Prompt 'Your answer').ToUpper()
        }
    }
ForEach( $conn in $vSphereConns) {
    Disconnect-VIServer -Server $conn -Confirm:$false
}
Write-Host "Disconnecting from vCenter and exiting script"
Write-Host "Hey! I'm walking here"
    break
}

0 Kudos
LucD
Leadership
Leadership
‎08-31-2019 02:09 AM
Jump to solution

What DefaultVIServerMode are you using? Single or Multiple?

Can you check with Get-PowerCLIConfiguration?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
emcclure
Enthusiast
Enthusiast
‎08-31-2019 04:40 AM
Jump to solution

It is set to multiple.

0 Kudos
LucD
Leadership
Leadership
‎08-31-2019 04:50 AM
Jump to solution

Can you add the Verbose switch on the New-VIPermission cmdlet?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
emcclure
Enthusiast
Enthusiast
‎09-03-2019 08:41 AM
Jump to solution

Hi LucD

So I added it, but I don't see anything additional.  When I run the script all I see is this as the output:

cope    ProxyPolicy     DefaultVIServerMode InvalidCertificateAction  DisplayDeprecationWarnings WebOperationTimeout

                                                                                                  Seconds

-----    -----------     ------------------- ------------------------  -------------------------- -------------------

Session  UseSystemProxy  Multiple            Ignore                    True                       300

User                     Multiple            Ignore

AllUsers

= Enter the username in domain\user format to add to the folder: domain\user

Please select an option

1 - Go back to the user selection

Q - Exit the script

Your answer: q

Disconnecting from vCenter and exiting script

But when I go to the folder in the vCenters nothing has been added.

0 Kudos
emcclure
Enthusiast
Enthusiast
‎09-03-2019 09:16 AM
Jump to solution

For some reason now when I suddenly try to run this again I get an error when trying to add a different user than myself:

New-VIPermission : Cannot process argument transformation on parameter 'Entity'. This parameter no longer accepts an

array. As an alternative you may pass multiple values by pipeline (if supported by the parameter).

At C:\Users\myser\Desktop\GenScripts\v2Scripts\myscript2.ps1:35 char:28

+         New-VIPermission -Entity $root -Principal $usertoadd -Server  ...

+                                  ~~~~~

    + CategoryInfo          : InvalidData: (:) [New-VIPermission], ParameterBindingArgumentTransformationException

    + FullyQualifiedErrorId : ParameterArgumentTransformationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Permis

   sionManagement.NewVIPermission

Section of code is this:

New-VIPermission -Entity $root -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true -Verbose

Full section of code is this:

  $perm = Get-VIPermission -Principal $usertoadd -Server $viservers.Name

  if(!$perm){

   $root = Get-Folder -Name myfolder -Server $viservers.Name

  New-VIPermission -Entity $root -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true -Verbose

   }

0 Kudos
LucD
Leadership
Leadership
‎09-03-2019 09:28 AM
Jump to solution

That would mean that the same folder exists in both vCenters.
And the Entity parameter on the New-VIPermission cmdlet indeed only accepts a single value.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
emcclure
Enthusiast
Enthusiast
‎09-03-2019 09:31 AM
Jump to solution

Ok so is there a way around that?  The entity exists on both vCenters and I'm trying to add the user to both at the same time.

0 Kudos
LucD
Leadership
Leadership
‎09-03-2019 09:36 AM
Jump to solution

Use the pipeline, instead of the $root variable.
It will present the folders, one by one to the New-VIPermission cmdlet.

   Get-Folder -Name myfolder -Server $viservers.Name |

   New-VIPermission -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
emcclure
Enthusiast
Enthusiast
‎09-03-2019 09:51 AM
Jump to solution

Sweet that worked.  Now for whatever reason at the end I have to hit Q twice to disconnect from both vCenters, whereas before it was just once.  Odd.

0 Kudos
LucD
Leadership
Leadership
‎09-03-2019 10:08 AM
Jump to solution

Can't you simplify that part?

Something like this (provided I understood the desired logic correctly)

$answer = ''

while ($answer -ne 'Q')

{

   Write-Host "Please select an option"

   Write-Host "1 - Do the user selection"

   Write-Host "Q - Exit the script"

   $answer = (Read-Host -Prompt "Your reply").ToUpper()

   if ($answer -eq '1')

   {

     $usertoadd = Read-Host = "Enter the username in domain\user format to add to the folder"


     if (Get-VIPermission -Principal $usertoadd -Server $viservers.Name)

     {

       Get-Folder -Name myfolder -Server $viservers.Name |

       New-VIPermission -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true

     }

   }

}

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos