VMware Cloud Community
faherne_CTI
Enthusiast

List all AD groups in a vCenter with the Administrator Role

Hi,

I would like to query multiple vCenters and generate a CSV file with the AD groups/users that have the Administrator Role.

Something along the lines of: (*** Note: This code is not using correct variables ***)

Connect-viserver -Server (Get-Content C:\Scripts\MyvCenterList.txt) > $null
$report = Foreach($vc in $global:DefaultVIServers){
Get-VMHost | GetViPermission | where VIRole = 'Administrator'
Select @{N='vCenterName' ;E={$vc.Name},                       #The vCenter where these groups are configured
           @{N='vCenterRole' ;E={$vc.VIRole}                  # The Administrator Role
           @{N='AD Group' ;E={$vc.Principal}                  #The AD group with the Administrator Role
           @{N='LocationRole' ;E={$vc.FolderWhereRoleisApplied}     # e.g At vCenter Root level

Thanks,

Fin


Accepted Solutions
LucD
Leadership

Try something like this.

The problem with the ADSI Exists method is that it is not silent when encountering a non-existent domain.

Hence the juggling with the $ErrorActionPreference

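# Save the current preference so it can be restored afterwards
$ea = $ErrorActionPreference
$ErrorActionPreference = 'SilentlyContinue'

foreach($vc in $global:DefaultVIServers){
    Get-VIPermission -Server $vc |
    # Keep Admin-role permissions whose principal prefix (the part before '\') resolves as a domain
    Where{$_.Role -eq 'Admin' -and ([ADSI]::Exists("LDAP://$($_.Principal.Split('\')[0])"))} |
    Select @{N='vCenter';E={$vc.Name}},Principal,Entity,Role
}

# Restore the original preference
$ErrorActionPreference = $ea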


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

faherne_CTI
Enthusiast

Awesome as always LucD!! Thanks so much :smileygrin:

Just for reference, this is my final edit for the script:

$ea = $ErrorActionPreference
$ErrorActionPreference = 'SilentlyContinue'

Connect-VIServer -Server (Get-Content C:\Scripts\vC-List.txt) > $null

$report = foreach($vc in $global:DefaultVIServers){
    Get-VIPermission -Server $vc |
    Where{$_.Role -eq 'Admin' -and ([ADSI]::Exists("LDAP://$($_.Principal.Split('\')[0])"))} |
    Select @{N='vCenter';E={$vc.Name}},Principal,EntityID,Role
}

$report | Export-Csv C:\Scripts\vC-Groups-Cfg-With-AdminRole.csv

$ErrorActionPreference = $ea

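An added example, not code from either poster: an audit-oriented variant of the scripts above that catches the ADSI lookup error locally instead of silencing every error in the session, checks each domain only once, and keeps Admin-role principals whose prefix does not resolve as a flagged row rather than dropping them. `Get-AdminRoleReport`, its parameters, the `ADDomain` column, the sample principals and the stub domain test are all hypothetical names and constructed data.

```powershell
function Get-AdminRoleReport {
    param(
        [Parameter(Mandatory)] [object[]] $Permission,   # output of Get-VIPermission
        [Parameter(Mandatory)] [string]   $VCenter,
        # How a domain prefix is checked; the default is the ADSI test used in the thread.
        [scriptblock] $DomainTest = { param($d) [ADSI]::Exists("LDAP://$d") }
    )
    $known = @{}   # domain -> $true/$false, so each domain is looked up once
    foreach ($p in $Permission) {
        if ($p.Role -ne 'Admin') { continue }
        $domain = if ($p.Principal -like '*\*') { $p.Principal.Split('\')[0] } else { $null }
        if ($domain -and -not $known.ContainsKey($domain)) {
            # Exists() throws for an unknown domain; catch it here only.
            try   { $known[$domain] = [bool](& $DomainTest $domain) }
            catch { $known[$domain] = $false }
        }
        [pscustomobject]@{
            vCenter   = $VCenter
            Principal = $p.Principal
            IsGroup   = $p.IsGroup      # group or individual account
            Entity    = $p.Entity       # where the role is applied
            Propagate = $p.Propagate    # inherited by child objects?
            Role      = $p.Role
            ADDomain  = [bool]($domain -and $known[$domain])
        }
    }
}

# Constructed sample rows shaped like Get-VIPermission output (not real data).
$sample = @(
    [pscustomobject]@{ Principal='CORP\vSphere-Admins';         Role='Admin';    IsGroup=$true;  Entity='Datacenters'; Propagate=$true }
    [pscustomobject]@{ Principal='VSPHERE.LOCAL\Administrator'; Role='Admin';    IsGroup=$false; Entity='Datacenters'; Propagate=$true }
    [pscustomobject]@{ Principal='CORP\Helpdesk';               Role='ReadOnly'; IsGroup=$true;  Entity='Datacenters'; Propagate=$true }
)
# Stub so the sample runs without AD: only CORP "exists", anything else throws.
$stub = { param($d) if ($d -eq 'CORP') { $true } else { throw "no such domain: $d" } }
Get-AdminRoleReport -Permission $sample -VCenter 'vc01.example.test' -DomainTest $stub |
    Format-Table -AutoSize

# Live use against connected vCenters (requires PowerCLI and Connect-VIServer):
# $report = foreach ($vc in $global:DefaultVIServers) {
#     Get-AdminRoleReport -Permission (Get-VIPermission -Server $vc) -VCenter $vc.Name
# }
# $report | Export-Csv C:\Scripts\vC-Groups-Cfg-With-AdminRole.csv -NoTypeInformation
```

Filtering the resulting CSV on `ADDomain` reproduces the AD-only list from the thread, while the unfiltered rows show every principal holding the Admin role.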