VMware Cloud Community
Rsiner
Contributor
Contributor
‎01-07-2013 07:02 AM
Jump to solution

Help With Setting Admins via PowerCLI

So i'm pretty new to working with VMWare and PowerCLI but I'm trying to write an automation script to configure new ESX hosts. I'm getting stuck when it comes to adding our Domain Admins group as an admin on the ESXHost itself.

Was thinking something like:


$admin = "MyDomain\Domain Admins"
Get-VMHost | New-VIPermissions -Principal $admin -Propogate $True -Role Admin

Somehow I feel like I'm way off on this one though.

Essentially, I'm trying to perform the same function as if I added the Domain Admins throught the permissions tab on the host.

Any help would be appreciated.

Tags (2)
0 Kudos
1 Solution

Accepted Solutions
Zsoldier
Expert
Expert
‎01-07-2013 07:16 AM
Jump to solution

To add to perms to individual ESX hosts, I believe you'll have to connect to each individual host first.

Connect-viserver ESXHost

$admin= "mydomain\domain admins"

New-VIPermissions -Principal $admin -role Admin -entity (get-datacenter) -propagate:$true

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier

View solution in original post

0 Kudos
8 Replies
Zsoldier
Expert
Expert
‎01-07-2013 07:05 AM
Jump to solution

You could simply create an Active Directory group named: "ESX Admins" and make domain admins a member of that group.

ESX Admins gets added by default if detected by ESXi.  At least I think this is still true.  It was in 4.1

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier
Rsiner
Contributor
Contributor
‎01-07-2013 07:09 AM
Jump to solution

The only problem is that I don't have clearance to modify Active Directory in our environment. I'm creating the automation to step-by-step replace a SOP we have here, so despite there being easier or more efficient ways, this is the way I have to do it.  :smileyplain:

0 Kudos
LucD
Leadership
Leadership
‎01-07-2013 07:10 AM
Jump to solution

Chris, it's still valid.

See Kyle's excellent Joining vSphere Hosts to Active Directory post.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Grzesiekk
Expert
Expert
‎01-07-2013 07:11 AM
Jump to solution

Hi i think that in order to set it on the host itself you will need to connect to the host directly using powercli first. Otherwise you will be creating permissions via VC and not directly on the esx/i host.

IS this the problem you have, or do you have problem with running the command ?

Greg

--- @blog https://grzegorzkulikowski.info
0 Kudos
Zsoldier
Expert
Expert
‎01-07-2013 07:16 AM
Jump to solution

To add to perms to individual ESX hosts, I believe you'll have to connect to each individual host first.

Connect-viserver ESXHost

$admin= "mydomain\domain admins"

New-VIPermissions -Principal $admin -role Admin -entity (get-datacenter) -propagate:$true

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier
0 Kudos
Rsiner
Contributor
Contributor
‎01-07-2013 07:21 AM
Jump to solution

I have the script connecting to the host earlier on. It's sitting at ~400 lines at this point so I only pasted the snippet im working on right now.

Assuming this is the only host we are concerned about, and it does not speak with the other hosts: "get-datacenter" is what I should be using to define the entity value?

0 Kudos
Zsoldier
Expert
Expert
‎01-07-2013 07:24 AM
Jump to solution

yeppers.

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier
0 Kudos
Rsiner
Contributor
Contributor
‎01-07-2013 07:33 AM
Jump to solution

Thanks ^.^

0 Kudos