VMware Cloud Community
miguelvelezwhit
Enthusiast
Enthusiast
‎03-16-2017 07:09 AM

How to assign an AD Group to an existing role in vSphere

I've tried several sites, several books and even Google, but I can't find the answer for something basically simple.  I've created a script which opens all my vCenters simultaneously.  Now I want to assign a group to an existing role.  Something on the order of this:

Group is VCAdmins.  I want to give them the role of read only w/console  (or even read only)  I want to do that via PowerCLI.  With all the vCenters open at one time, the one liner command should assign the role to that group in every vCenter.

I'm so close, but I can't find the syntax I need.  In other words..."HELLLLLLLLP!!!!"

Thanks to all in advance.  Sorry for the sophomoric noob type question.

0 Kudos
2 Replies
miguelvelezwhit
Enthusiast
Enthusiast
‎03-16-2017 07:32 AM

I think that I may be on to something.  Is it possible to take a command which adds a permission (new permission) to a role on an ESXi host and change that to a vCenter instead?

New-VIPermission -Principal AD Domain Group -Role my existing role of Read Only w/Console -Propagate:$true

I've left out the Entity parameter because I want it to go to every vCenter that I have open.

Will this do the job?

0 Kudos
kwhornlcs
Enthusiast
Enthusiast
‎03-16-2017 03:46 PM

You have to hit an inventory object. In the context you're looking for them, I believe the vCenters are root folders. Easiest way to get them is Get-Folder -Norecursion

Try something like this:

Get-Folder -norecursion | New-VIPermission -Principal ADDomainGroup -Role ExistingROwithConsole -Propagate:$true
0 Kudos