So I have been searching and racking my brain on a way to add AD permissions to hosts that are already in vCenter and on the domain.
Here is what I was able to do to complete the task. I have not seen anyone else doing this so I wanted to share for anyone else that was running into the issues I was seeing (where when adding the permissions it adds at the vCenter level NOT the local host level).
clear
Connect-VIServer -server vCentername
#get list of hosts, I wanted to get my list of hosts from vCenter so that I could add my local permissions at the cluster or datacenter level
$hostsobject = Get-Cluster "clustername" | Get-VMHost | sort Name
#loop through each host
foreach ($Hosts in $hostsobject)
{
#connecting to the local host so that the permission is set at the local level
Connect-VIServer $Hosts -User root -Password #####
#creating a localhost array so it gets the object from the local host and NOT from vCenter
$locHost = Get-VMHost -Name $Hosts
#since the host is part of vCenter the local hsot array contains two objects the local object [1] and the vCenter object [0]
#adding the local permission ie [1]
New-VIPermission -Entity $locHost[1] -Principal "ad group you want to add" -Role "Admin" -Propagate $true
#adding the vCenter permission ie [0]
#New-VIPermission -Entity $locHost[0] -Principal "ad group you want to add" -Role "Admin" -Propagate $true
}
Disconnect-VIServer * -Confirm:$false