Solved: Create a PowerCLI script to create a local User ac...

BKleiman72 · ‎09-19-2017

Hi Guys,

I know this has been posted several times on here but I can't find the correct script for my application.

I am setting up Solarwinds in my environment and it requires a local account with Read-Only access on each of the ESXi hosts. I am currently running ESXi 6.0U3a on all of my hosts.

What I need is for the script to pull all of the hosts out of vCenter and add local account SOLSNMP and place it in the Read-only "Role"

Thanks for any help

BobK

LucD · ‎09-20-2017

Try like this.

It assumes that there is one hostname on each line in the .txt file.

$rootUser = 'root'

$rootPswd = '2***'

$userName = 'SOLSNMP'

$Pswd = '*****'

foreach($esx in (Get-VMHost -Name (Get-Content -Path C:\ESXi_Root_Password_Reset\esxservers.txt)))

{

Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

Try{

$user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

}

Catch{

$user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

}

$perm = Get-VIPermission -Principal $userName -Server $esx.Name

if(!$perm){

$root = Get-Folder -Name ha-folder-root -Server $esx.Name

New-VIPermission -Entity $root -Principal $userName -Role readonly -Server $esx.Name

}

Disconnect-VIServer -Server $esx.Name -Confirm:$false

}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

View solution in original post

LucD · ‎09-19-2017

Have a look at Re: Need Help in creating admin user on multiple esxi in vCenter with equivalent permission of root...

You will need to update the username and the role

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

BKleiman72 · ‎09-19-2017

Here is what I tried based on the other script and the errors I am getting.

$rootUser = 'root'

$rootPswd = '*****'

$userName = 'SOLSNMP'

$esxName = 'pcoesxvm02.sgsolutions.local'

$esx = Get-VMHost -Name $esxName

Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

Try{

$user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

}

Catch{

$user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

}

$perm = Get-VIPermission -Principal $userName -Server $esx.Name

if(!$perm){

$root = Get-Folder -Name root -Server $esx.Name

New-VIPermission -Entity $root -Principal $userName -Role Read-only -Server $esx.Name

}

>>

New-VMHostAccount : Cannot bind argument to parameter 'Password' because it is

null.

At line:5 char:55

+ $user = New-VMHostAccount -Id $userName -Password $pswd

-GrantShellAccess -S ...

+ ~~~~~

+ CategoryInfo : InvalidData: (:) [New-VMHostAccount], ParameterB

indingValidationException

+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,V

Mware.VimAutomation.ViCore.Cmdlets.Commands.Host.NewVMHostAccount

PowerCLI C:\> $perm = Get-VIPermission -Principal $userName -Server $esx.Name

Get-VIPermission : 9/19/2017 3:40:56 PM Get-VIPermission Could not

find VIAccount with name 'SOLSNMP'.

At line:1 char:9

+ $perm = Get-VIPermission -Principal $userName -Server $esx.Name

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : ObjectNotFound: (SOLSNMP:String) [Get-VIPermissi

on], VimException

+ FullyQualifiedErrorId : Core_ObnSelector_SelectObjectByNameCore_ObjectNo

tFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.G

etVIPermission

Get-VIPermission : 9/19/2017 3:40:56 PM Get-VIPermission VIAccount

parameter: Could not find any of the objects specified by name.

At line:1 char:9

+ $perm = Get-VIPermission -Principal $userName -Server $esx.Name

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : ObjectNotFound: (VMware.VimAutom...unt[] Princip

al:RuntimePropertyInfo) [Get-VIPermission], ObnRecordProcessingFailedExcep

tion

+ FullyQualifiedErrorId : Core_ObnSelector_SetNewParameterValue_ObjectNotF

oundCritical,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManage

ment.GetVIPermission

PowerCLI C:\> if(!$perm){

>> $root = Get-Folder -Name root -Server $esx.Name

>> New-VIPermission -Entity $root -Principal $userName -Role Read-only -Serv

er $esx.Name

>> }

>>

Get-Folder : 9/19/2017 3:40:56 PM Get-Folder Folder with name 'root'

was not found using the specified filter(s).

At line:2 char:13

+ $root = Get-Folder -Name root -Server $esx.Name

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : ObjectNotFound: (:) [Get-Folder], VimException

+ FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimA

utomation.ViCore.Cmdlets.Commands.GetFolder

New-VIPermission : Cannot validate argument on parameter 'Entity'. The

argument is null or empty. Supply an argument that is not null or empty and

then try the command again.

At line:3 char:30

+ New-VIPermission -Entity $root -Principal $userName -Role Read-only

-Server ...

+ ~~~~~

+ CategoryInfo : InvalidData: (:) [New-VIPermission], ParameterBi

ndingValidationException

+ FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.V

LucD · ‎09-19-2017

The $Pswd variable hasn't been instantiated.

You should have a line with the following at the beginning (update the password).

$Pswd = 'YourAccountPassword'

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

BKleiman72 · ‎09-19-2017

Ok that worked now how do I send it a list of Hosts from vCenter so I can add this account to all of my hosts.

LucD · ‎09-19-2017

In one of the versions of the script, it runs through all the ESXi nodes.

foreach ($esx in Get-VMHost){

But you can use any selection criteria to "get" the ESXi nodes that you want to use.

For example from a text file

foreach($esx in (Get-VMHost -Name (Get-Content -Path esx-names.txt))){

}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

BKleiman72 · ‎09-20-2017

Here is what I am trying and when I run it for a single machine it works but when I try and run it with the text file it seems to complete I get no errors but I also don't get the accounts.

$rootUser = 'root'

$rootPswd = '2***'

$userName = 'SOLSNMP'

$Pswd = '*****'

$esx = Get-VMHost -Name $esxName

foreach($esx in (Get-VMHost -Name (Get-Content -Path C:\ESXi_Root_Password_Reset\esxservers.txt))){

}

Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

Try{

$user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

}

Catch{

$user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

}

$perm = Get-VIPermission -Principal $userName -Server $esx.Name

if(!$perm){

$root = Get-Folder -Name ha-folder-root -Server $esx.Name

New-VIPermission -Entity $root -Principal $userName -Role readonly -Server $esx.Name

}

Disconnect-VIServer -Server $esx.Name -Confirm:$false

LucD · ‎09-20-2017

Try like this.

It assumes that there is one hostname on each line in the .txt file.

$rootUser = 'root'

$rootPswd = '2***'

$userName = 'SOLSNMP'

$Pswd = '*****'

foreach($esx in (Get-VMHost -Name (Get-Content -Path C:\ESXi_Root_Password_Reset\esxservers.txt)))

{

Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

Try{

$user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

}

Catch{

$user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

}

$perm = Get-VIPermission -Principal $userName -Server $esx.Name

if(!$perm){

$root = Get-Folder -Name ha-folder-root -Server $esx.Name

New-VIPermission -Entity $root -Principal $userName -Role readonly -Server $esx.Name

}

Disconnect-VIServer -Server $esx.Name -Confirm:$false

}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

BKleiman72 · ‎09-20-2017

Not sure how you have time to work on this so quickly but you are not being paid enough

Thanks this saved me a huge amount of work.

Bob K

jjgunn · ‎03-15-2018

LucD I follow you all the time especially as relates to PowerCLI & I'm using this script. Appreciate it.

Wanted to point out I received an error on vSphere 6.5 - looks like the folder path changed from vSphere 6.0 (which I'm certain you already know but wanted to help anyone having the same issue)

$root = Get-Folder -Name ha-folder-root -Server $esx.Name

For vSphere 6.5 Should be

$root = Get-Folder -Name root -Server $esx.Name

Hope this helps someone moving forward

LucD · ‎03-15-2018

Thanks for sharing that!

One way to make the above code usable across different vSphere version, is to find the name of the rootfolder dynamically.

Something like this

if(!$perm){

$rootFolderObj = Get-View -id $global:DefaultVIServer.ExtensionData.Content.RootFolder

$root = Get-Folder -Name $rootFolderObj.Name -Server $esx.Name

New-VIPermission -Entity $root -Principal $userName -Role readonly -Server $esx.Name

}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

NileshAPatil · ‎07-20-2020

Need to use Host from TXT file, also all Host have different admin account. So it would take admin user and password saved in the same file.

MDRR73 · ‎04-24-2021

Hi Lucd

When i try to pass the value through arguments to the below script , it displays error.

param ( $rootUser, $rootPswd,$userName,$Pswd,$esx)

Connect-VIServer -Server $esx -User $rootUser -Password $rootPswd > $null

$perm = Get-VIPermission -Principal $userName -Server $esx

if(!$perm){

$root = Get-Folder -Name ha-folder-root -Server $esx

New-VIPermission -Entity $root -Principal $userName -Role Admi -Server $esx

}

Disconnect-VIServer -Server $esx -Confirm:$false

Could you please help me

LucD · ‎04-24-2021

Which error?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

Salgado0417 · ‎04-26-2021

$rootFolderObj = Get-View -id $global:DefaultVIServer. ExtensionData. Content.

$root = Get-Folder -Name $rootFolderObj. Name -Server $esx. Name.

New-VIPermission -Entity $root -Principal $userName -Role readonly -Server $esx. Name.

All

Create a PowerCLI script to create a local User account on each Host in vCenter