VMware Cloud Community
js40687
Contributor

Compliance check use of Roles

I am being asked to produce a script that will check that no individual users have been assigned permissions in vCenter, only AD groups should be assigned perms. Has anyone done this? Do I need to recursively read each folder to check or can I easily see for each role what and where has been applied?

Any help would be appreciated

Thanks

0 Kudos
2 Replies
LucD
Leadership

The following lines should list all permissions that are not assigned to an AD group.

It uses a cmdlet from the Quest AD Snapin.

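# Requires the Quest AD snap-in (Get-QADObject) and a connected vCenter session
Get-VIPermission | %{
  # Report the permission if the principal is not found in AD or is not a group
  if(!(Get-QADObject $_.Principal) -or !$_.IsGroup){
    $_ | Select @{N="Entity";E={$_.Entity.Name}},Principal,Role
  }
}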


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
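The same check as an added example (not part of LucD's reply), using Get-ADGroup from the ActiveDirectory module in place of the Quest snap-in and recording why each permission fails the "AD groups only" rule. Assumptions: the function name Test-VIPermissionCompliance is hypothetical, a vCenter session is already open through Connect-VIServer, the ActiveDirectory (RSAT) module is installed, and all groups live in the current AD domain.

```powershell
# Added example, not from the original thread.
# Assumes Connect-VIServer has already been run and the ActiveDirectory module is available.
Import-Module ActiveDirectory

function Test-VIPermissionCompliance {   # hypothetical helper name
    foreach ($perm in Get-VIPermission) {
        # Principal is normally "DOMAIN\name"; keep only the account name for the AD lookup
        $name = ($perm.Principal -split '\\')[-1]
        # Double any apostrophe so the name is safe inside the -Filter string
        $safe = $name.Replace("'", "''")

        $reason = $null
        if (-not $perm.IsGroup) {
            $reason = 'Principal is a user, not a group'
        }
        elseif (-not (Get-ADGroup -Filter "SamAccountName -eq '$safe'")) {
            # Only the current domain is queried (assumption stated above)
            $reason = 'Group not found in AD'
        }

        if ($reason) {
            [pscustomobject]@{
                Entity    = $perm.Entity.Name
                Principal = $perm.Principal
                Role      = $perm.Role
                Propagate = $perm.Propagate
                Reason    = $reason
            }
        }
    }
}

$violations = @(Test-VIPermissionCompliance)
$violations | Sort-Object Entity, Principal | Format-Table -AutoSize

if ($violations.Count -gt 0) {
    Write-Warning "$($violations.Count) permission(s) are not assigned to an AD group."
}
```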
js40687
Contributor

Thank you Luc

Works a treat

0 Kudos