VMware Cloud Community
partisen
Contributor
Contributor
‎01-27-2021 01:03 PM
Jump to solution

Add permission to VM with an existing role for an AD group through PowerCLI

Attempting to assign permissions to allow an AD group console rights over a single VM.  Currently trying something similar to the following but with no success.

Get-VM -Name test | New-VIPermission -Role (Get-VIRole -Name "Virtual Machine console users") -Principal "ADDomain\ADGroup"

 

Is this a syntax issue or is VIPermission the wrong way to go about this?

Labels (2)
Labels
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎01-28-2021 12:15 AM
Jump to solution

That should be

Get-VIRole -Name "VirtualMachineConsoleUser"


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
5 Replies
scott28tt
VMware Employee
VMware Employee
‎01-27-2021 01:50 PM
Jump to solution

@partisen 

Moderator: Moved to PowerCLI Discussions, where it’s usually worth doing a search.

 


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
0 Kudos
LucD
Leadership
Leadership
‎01-27-2021 02:36 PM
Jump to solution

Is there an error message?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
partisen
Contributor
Contributor
‎01-27-2021 03:14 PM
Jump to solution

Get-VIRole : 1/27/2021 5:12:26 PM Get-VIRole VIRole with name 'Virtual Machine console users' was not found using the specified filter(s).
At line:1 char:45
+ ... ssion -Role (Get-VIRole -Name "Virtual Machine console users") -Princ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-VIRole], VimException
+ FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIRole

New-VIPermission : Cannot validate argument on parameter 'Role'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At line:1 char:44
+ ... ssion -Role (Get-VIRole -Name "Virtual Machine console users") -Princ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [New-VIPermission], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.NewVIPermission

0 Kudos
LucD
Leadership
Leadership
‎01-28-2021 12:15 AM
Jump to solution

That should be

Get-VIRole -Name "VirtualMachineConsoleUser"


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
partisen
Contributor
Contributor
‎01-28-2021 05:04 AM
Jump to solution

That did it.  Thank you very much, LucD.

 

The corrected command.

Get-VM -Name test | New-VIPermission -Role (Get-VIRole -Name "VirtualMachineConsoleUser") -Principal "ADDomain\ADGroup"

0 Kudos