Attempting to assign permissions to allow an AD group console rights over a single VM. Currently trying something similar to the following but with no success.
Get-VM -Name test | New-VIPermission -Role (Get-VIRole -Name "Virtual Machine console users") -Principal "ADDomain\ADGroup"
Is this a syntax issue or is VIPermission the wrong way to go about this?
That should be
Get-VIRole -Name "VirtualMachineConsoleUser"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Moderator: Moved to PowerCLI Discussions, where it’s usually worth doing a search.
Is there an error message?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Get-VIRole : 1/27/2021 5:12:26 PM Get-VIRole VIRole with name 'Virtual Machine console users' was not found using the specified filter(s).
At line:1 char:45
+ ... ssion -Role (Get-VIRole -Name "Virtual Machine console users") -Princ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-VIRole], VimException
+ FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIRole
New-VIPermission : Cannot validate argument on parameter 'Role'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At line:1 char:44
+ ... ssion -Role (Get-VIRole -Name "Virtual Machine console users") -Princ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [New-VIPermission], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.NewVIPermission
That should be
Get-VIRole -Name "VirtualMachineConsoleUser"
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
That did it. Thank you very much, LucD.
The corrected command.
Get-VM -Name test | New-VIPermission -Role (Get-VIRole -Name "VirtualMachineConsoleUser") -Principal "ADDomain\ADGroup"