Hi,
I would like to query multiple vCenters and generate a CSV file with the AD groups/users that have the Administrator Role.
Something along the lines of: (*** Note: This code is not using correct variables ***)
Connect-viserver -Server (Get-Content C:\Scripts\MyvCenterList.txt) > $null
$report = Foreach($vc in $global:DefaultVIServers){
Get-VMHost | GetViPermission | where VIRole = 'Administrator'
Select @{N='vCenterName' ;E={$vc.Name}, #The vCenter where these groups are configured
@{N='vCenterRole' ;E={$vc.VIRole} # The Administrator Role
@{N='AD Group' ;E={$vc.Principal} #The AD group with the Administrator Role
@{N='LocationRole' ;E={$vc.FolderWhereRoleisApplied} # e.g At vCenter Root level
Thanks,
Fin
Try something like this.
The problem with the ADSI Exists method is that it is not silent when encountering a non-existent domain.
Hence the juggling with the $ErrorActionPreference
$ea = $ErrorActionPreference
$ErrorActionPreference = 'SilentlyContinue'
foreach($vc in $global:DefaultVIServers){
Get-VIPermission -Server $vc |
Where{$_.Role -eq 'Admin' -and ([ADSI]::Exists("LDAP://$($_.Principal.Split('\')[0])"))} |
Select @{N='vCenter';E={$vc.Name}},Principal,Entity,Role
}
$ErrorActionPreference = $ea
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Try something like this.
The problem with the ADSI Exists method is that it is not silent when encountering a non-existent domain.
Hence the juggling with the $ErrorActionPreference
$ea = $ErrorActionPreference
$ErrorActionPreference = 'SilentlyContinue'
foreach($vc in $global:DefaultVIServers){
Get-VIPermission -Server $vc |
Where{$_.Role -eq 'Admin' -and ([ADSI]::Exists("LDAP://$($_.Principal.Split('\')[0])"))} |
Select @{N='vCenter';E={$vc.Name}},Principal,Entity,Role
}
$ErrorActionPreference = $ea
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Awesome as always LucD!! Thanks so much :smileygrin:
Just for reference, this is my final edit for the script:
$ea = $ErrorActionPreference
$ErrorActionPreference = 'SilentlyContinue'
Connect-VIServer -Server (Get-Content C:\Scripts\vC-List.txt) > $null
$report = foreach($vc in $global:DefaultVIServers){
Get-VIPermission -Server $vc |
Where{$_.Role -eq 'Admin' -and ([ADSI]::Exists("LDAP://$($_.Principal.Split('\')[0])"))} |
Select @{N='vCenter';E={$vc.Name}},Principal,EntityID,Role
}
$report | Export-Csv C:\Scripts\vC-Groups-Cfg-With-AdminRole.csv
$ErrorActionPreference = $ea