VMware Cloud Community
SteveZio
Contributor
Contributor
‎01-03-2012 06:56 AM
Jump to solution

How to change a non root account on multiple esx 4 hosts

We currently use the below script to change the root password but we need one  to change a non root account that does not have access the same way root does.

So if this script could be changed to log into each server with root and then change a non root account's password that would be helpfull.

Any help would be appreciated.

-Steve

#
# This script changes the root password on all ESX hosts in the esxservers.txt textfile
#

# Add VI-toolkit #
Add-PSsnapin VMware.VimAutomation.Core
Initialize-VIToolkitEnvironment.ps1

# Get old root credential
$oldrootPassword = Read-Host "Enter old root password" -AsSecureString
$oldrootCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist "root",$oldrootPassword

# Get new root credential
$newrootPassword = Read-Host "Enter new root password" -AsSecureString
$newrootCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist "root",$newrootPassword
$newrootPassword2 = Read-Host "Retype new root password" -AsSecureString
$newrootCredential2 = new-object -typename System.Management.Automation.PSCredential -argumentlist "root",$newrootPassword2
$WarningPreference = "SilentlyContinue"

# Compare passwords
If ($newrootCredential.GetNetworkCredential().Password -ceq $newrootCredential2.GetNetworkCredential().Password) {

    # Create new root account object
    $rootaccount = New-Object VMware.Vim.HostPosixAccountSpec
    $rootaccount.id = "root"
    $rootaccount.password = $newrootCredential.GetNetworkCredential().Password
    $rootaccount.shellAccess = "/bin/bash"

    # Get list of Host servers from textfile to change root password on
    Get-Content esxservers.txt | %{
        Connect-VIServer $_ -User root -Password $oldrootCredential.GetNetworkCredential().Password -ErrorAction SilentlyContinue -ErrorVariable ConnectError | Out-Null
        If ($ConnectError -ne $Null) {
            Write-Host "ERROR: Failed to connect to ESX server:" $_
        }
        Else {
            $si = Get-View ServiceInstance
            $acctMgr = Get-View -Id $si.content.accountManager
            $acctMgr.UpdateUser($rootaccount)
            Write-Host "Root password successfully changed on" $_
            Disconnect-VIServer -Confirm:$False | Out-Null
        }
    }
}
Else {
Write-Host "ERROR: New root passwords do not match. Exiting..."
}

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎01-03-2012 08:03 AM
Jump to solution

Try something like this.

It will first prompt for the root password of the ESX(i) servers.

Then the name of the account, followed by the 2 times the new password

#
# This script changes the password of an account on all ESX hosts in the esxservers.txt textfile
#
 # Add VI-toolkit 
#
 Add-PSsnapin VMware.VimAutomation.Core
Initialize-VIToolkitEnvironment.ps1

# Get root password
$rootPassword = Read-Host "Enter root password" -AsSecureString
$rootCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist "root",$rootPassword
# Get account to change
$account = Read-Host "Enter account"
# Get new account credential
$newaccountPassword = Read-Host "Enter new password" -AsSecureString
$newaccountCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist $account,$newaccountPassword
$newaccountPassword2 = Read-Host "Retype new password" -AsSecureString
$newaccountCredential2 = new-object -typename System.Management.Automation.PSCredential -argumentlist $account,$newaccountPassword2
$WarningPreference = "SilentlyContinue"
# Compare passwords
If ($newaccountCredential.GetNetworkCredential().Password -ceq $newaccountCredential2.GetNetworkCredential().Password) {

    # Create new root account object
    $accountSpec = New-Object VMware.Vim.HostPosixAccountSpec
    $accountSpec.id = $account
    $accountSpec.password = $newaccountCredential.GetNetworkCredential().Password
    $accountSpec.shellAccess = "/bin/bash"
    # Get list of Host servers from textfile to change account password on
    Get-Content esxservers.txt | %{
        Connect-VIServer $_ -User root -Password $rootCredential.GetNetworkCredential().Password -ErrorAction SilentlyContinue -ErrorVariable ConnectError | Out-Null
        If ($ConnectError -ne $Null) {
            Write-Host "ERROR: Failed to connect to ESX server:" $_
        }
        Else {
            $si = Get-View ServiceInstance
            $acctMgr = Get-View -Id $si.content.accountManager
            $acctMgr.UpdateUser($accountSpec)
            Write-Host "$account password successfully changed on" $_
            Disconnect-VIServer -Confirm:$False | Out-Null
        }
    }
}
Else {
Write-Host "ERROR: New $account passwords do not match. Exiting..."
}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
7 Replies
LucD
Leadership
Leadership
‎01-03-2012 07:33 AM
Jump to solution

Can't you just use the same script ?

Just add a prompt for the account you want to change the password for and create the PSCredential object for this account instead of for the root account.

Then you connect as root to each ESX(i) server and use the UpdateUser method (as the script does).


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
SteveZio
Contributor
Contributor
‎01-03-2012 07:47 AM
Jump to solution

I know we should be able to do it but I am not scripting knowledgeable.

I was hoping for specifics for a noob.

-Thanks

Steve

0 Kudos
LucD
Leadership
Leadership
‎01-03-2012 08:03 AM
Jump to solution

Try something like this.

It will first prompt for the root password of the ESX(i) servers.

Then the name of the account, followed by the 2 times the new password

#
# This script changes the password of an account on all ESX hosts in the esxservers.txt textfile
#
 # Add VI-toolkit 
#
 Add-PSsnapin VMware.VimAutomation.Core
Initialize-VIToolkitEnvironment.ps1

# Get root password
$rootPassword = Read-Host "Enter root password" -AsSecureString
$rootCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist "root",$rootPassword
# Get account to change
$account = Read-Host "Enter account"
# Get new account credential
$newaccountPassword = Read-Host "Enter new password" -AsSecureString
$newaccountCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist $account,$newaccountPassword
$newaccountPassword2 = Read-Host "Retype new password" -AsSecureString
$newaccountCredential2 = new-object -typename System.Management.Automation.PSCredential -argumentlist $account,$newaccountPassword2
$WarningPreference = "SilentlyContinue"
# Compare passwords
If ($newaccountCredential.GetNetworkCredential().Password -ceq $newaccountCredential2.GetNetworkCredential().Password) {

    # Create new root account object
    $accountSpec = New-Object VMware.Vim.HostPosixAccountSpec
    $accountSpec.id = $account
    $accountSpec.password = $newaccountCredential.GetNetworkCredential().Password
    $accountSpec.shellAccess = "/bin/bash"
    # Get list of Host servers from textfile to change account password on
    Get-Content esxservers.txt | %{
        Connect-VIServer $_ -User root -Password $rootCredential.GetNetworkCredential().Password -ErrorAction SilentlyContinue -ErrorVariable ConnectError | Out-Null
        If ($ConnectError -ne $Null) {
            Write-Host "ERROR: Failed to connect to ESX server:" $_
        }
        Else {
            $si = Get-View ServiceInstance
            $acctMgr = Get-View -Id $si.content.accountManager
            $acctMgr.UpdateUser($accountSpec)
            Write-Host "$account password successfully changed on" $_
            Disconnect-VIServer -Confirm:$False | Out-Null
        }
    }
}
Else {
Write-Host "ERROR: New $account passwords do not match. Exiting..."
}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
SteveZio
Contributor
Contributor
‎01-03-2012 10:06 AM
Jump to solution

I get this

cid:image001.png@01CCCA18.648E8770

Thank you,

Steve

Preview file
24 KB
0 Kudos
LucD
Leadership
Leadership
‎01-03-2012 10:09 AM
Jump to solution

My mistake, there was a typo in the script.

I just corrected it, please try again.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
SteveZio
Contributor
Contributor
‎01-03-2012 10:17 AM
Jump to solution

That did the trick.

Thank you very much

-Steve

0 Kudos
jakas
Contributor
Contributor
‎09-07-2012 12:17 AM
Jump to solution

keep getting this error:

Get-View : Cannot validate argument on parameter 'Id'. The argument is null or empty. Supply an argument tha
t is not null or empty and then try the command again.
At C:\Users\abcd\AppData\Local\Temp\3\166aa7dd-60b2-4d0a-b9cb-90e1ba711d68.ps1:33 char:27
+             $acctMgr = Get-View -Id <<<<  $si.content.accountManager
    + CategoryInfo          : InvalidData: (:) [Get-View], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands
   .DotNetInterop.GetVIView

using powercli 5.0

what could be the problem. any help appreciated. thanks.

0 Kudos