VMware Cloud Community
ConnerNA
Contributor

Adding Local AD Permissions to a Host

So I have been searching and racking my brain for a way to add AD permissions to hosts that are already in vCenter and on the domain.

Here is what I was able to do to complete the task. I have not seen anyone else doing this, so I wanted to share it for anyone else who was running into the issue I was seeing (when adding the permissions, it adds them at the vCenter level, NOT the local host level).

Clear-Host

Connect-VIServer -Server vCentername

# Get list of hosts. I wanted to get my list of hosts from vCenter so that I could add my local permissions at the cluster or datacenter level.
$hostsobject = Get-Cluster "clustername" | Get-VMHost | Sort-Object Name

# Loop through each host
foreach ($Hosts in $hostsobject)
{
    # Connecting to the local host so that the permission is set at the local level.
    # '#####' is the redacted root password; it is quoted here because an unquoted # starts a comment.
    Connect-VIServer $Hosts -User root -Password '#####'

    # Creating a localhost array so it gets the object from the local host and NOT from vCenter
    $locHost = Get-VMHost -Name $Hosts

    # Since the host is part of vCenter, the local host array contains two objects: the local object [1] and the vCenter object [0]

    # Adding the local permission, i.e. [1]
    New-VIPermission -Entity $locHost[1] -Principal "ad group you want to add" -Role "Admin" -Propagate $true

    # Adding the vCenter permission, i.e. [0]
    #New-VIPermission -Entity $locHost[0] -Principal "ad group you want to add" -Role "Admin" -Propagate $true
}

Disconnect-VIServer * -Confirm:$false

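A variant of the loop in the post that selects the host object with -Server rather than an array index, prompts for the root credential instead of storing it in the script, and lists the resulting local permission for review. This is an added example, not the original poster's script; the group name `DOMAIN\ESX-Admins` and the variable names are placeholders.

```powershell
# Added example. Placeholder values below are assumptions, replace them before use.
$vCenter   = 'vCentername'          # placeholder, as in the post
$cluster   = 'clustername'          # placeholder, as in the post
$principal = 'DOMAIN\ESX-Admins'    # hypothetical AD group
$roleName  = 'Admin'

# Prompt once for the ESXi root credential so no password is written into the script.
$rootCred = Get-Credential -UserName 'root' -Message 'ESXi root credential'

$vc = Connect-VIServer -Server $vCenter
try {
    # Only vCenter is connected at this point, so the host list is unambiguous.
    $hostNames = Get-Cluster -Name $cluster -Server $vc |
        Get-VMHost | Sort-Object Name | Select-Object -ExpandProperty Name

    foreach ($name in $hostNames) {
        $esx = Connect-VIServer -Server $name -Credential $rootCred
        try {
            # -Server restricts every call to the direct host connection, so the
            # permission lands on the host itself and never on the vCenter object.
            $localHost = Get-VMHost -Server $esx

            $existing = Get-VIPermission -Server $esx |
                Where-Object { $_.Principal -eq $principal -and $_.Role -eq $roleName }

            if (-not $existing) {
                New-VIPermission -Entity $localHost -Principal $principal `
                    -Role $roleName -Propagate $true -Server $esx | Out-Null
            }

            # Show what is now set locally for this principal, for the change record.
            Get-VIPermission -Server $esx |
                Where-Object { $_.Principal -eq $principal } |
                Select-Object @{ n = 'Host'; e = { $name } }, Entity, Principal, Role, Propagate
        }
        finally {
            # Drop the root session to this host before moving to the next one.
            Disconnect-VIServer -Server $esx -Confirm:$false
        }
    }
}
finally {
    Disconnect-VIServer -Server $vc -Confirm:$false
}
```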