I am being asked to produce a script that will check that no individual users have been assigned permissions in vCenter; only AD groups should be assigned perms. Has anyone done this? Do I need to recursively read each folder to check or can I easily see for each role what and where has been applied?
Any help would be appreciated
Thanks
The following lines should list all permissions that are not assigned to an AD group.
It uses a cmdlet from the Quest AD Snapin.
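    # List every vCenter permission whose principal is not found in AD or is not a group
    Get-VIPermission | ForEach-Object {
        # Get-QADObject (Quest AD snap-in) returns nothing when the principal is not in AD
        if (!(Get-QADObject $_.Principal) -or !$_.IsGroup) {
            $_ | Select-Object @{N="Entity";E={$_.Entity.Name}},Principal,Role
        }
    }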
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thank you Luc
Works a treat
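The same audit as the one-liner in the answer above, as an added example that is not part of the original thread: it uses the Microsoft ActiveDirectory module instead of the Quest snap-in and records why each permission was flagged. It assumes an existing Connect-VIServer session; `$AdDomain` and the `Test-IsAdGroup` helper are hypothetical names introduced here.

```powershell
# Added example. Assumes VMware PowerCLI, the Microsoft ActiveDirectory module
# and an existing Connect-VIServer session.
Import-Module ActiveDirectory
$AdDomain = 'EXAMPLE'   # placeholder: NetBIOS name of the AD domain that should own all permissions

function Test-IsAdGroup {
    param([string]$Principal)
    # vCenter reports principals as DOMAIN\name; anything else is treated as non-AD
    $domain, $name = $Principal -split '\\', 2
    if (-not $name -or $domain -ne $AdDomain) { return $false }
    # -Identity accepts a SamAccountName and throws when no such group exists
    try   { [bool](Get-ADGroup -Identity $name -ErrorAction Stop) }
    catch { $false }
}

# Get-VIPermission without -Entity returns the permissions defined across the
# whole inventory, so no recursive folder walk is needed.
$findings = foreach ($perm in Get-VIPermission) {
    $reason = if (-not $perm.IsGroup) {
        'Principal is an individual user'
    } elseif (-not (Test-IsAdGroup $perm.Principal)) {
        "Group not found in AD domain $AdDomain"
    } else {
        $null
    }

    if ($reason) {
        [pscustomobject]@{
            Entity    = $perm.Entity.Name
            EntityId  = $perm.EntityId
            Principal = $perm.Principal
            Role      = $perm.Role
            Propagate = $perm.Propagate   # propagated permissions also apply to child objects
            Reason    = $reason
        }
    }
}

$findings | Sort-Object Principal, Entity | Format-Table -AutoSize

# A non-zero exit code lets a scheduled job or pipeline flag the violation
if ($findings) { exit 1 }
```

Built-in SSO principals are flagged as well because their domain prefix does not match `$AdDomain`.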