CoolonVsphere
Enthusiast

Need Help in creating admin user on multiple esxi in vCenter with equivalent permission of root.


Hi

Need help in creating an admin user on multiple ESXi hosts in vCenter with equivalent permission of root.

Also, it would be good if the script gives output of whether the user was created or not on each ESXi host from the ESXi list given in the script.

This will save us time and the manual intervention on every ESXi host to check whether the user was created or not.

Thanks in advance 🙂

1 Solution

Accepted Solutions
sajal1
VMware Employee

You need to be connected to vCenter server to run Get-VMHost.

So first it should be like following:

Connect-VIServer -Server <vCenter Server FQDN/IP> -user <username> -password <password>

# Then rest of them

$rootUser = 'root'

$rootPswd = 'VMware1!'

$userName = 'testuser'

# Password for the new account; used by New-VMHostAccount below
$pswd = 'VMware1!'

$esxName = 'esx.test.lab'

$esx = Get-VMHost -Name $esxName

Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

Try{

    $user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

}

Catch{

    $user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

}

$perm = Get-VIPermission -Principal $userName -Server $esx.Name

if(!$perm){

    $root = Get-Folder -Name root -Server $esx.Name

    New-VIPermission -Entity $root -Principal $userName -Role Admin -Server $esx.Name

}

Disconnect-VIServer -Server $esx.Name -Confirm:$false

14 Replies
LucD
Leadership
CoolonVsphere
Enthusiast

Thanks LucD for reply

Tried the links given; it gives an error as attached. Upgraded PowerCLI to the latest PowerCLI 6.0 Release 3 Build 3205540.

Our ESXi is 5.5 build 4345813.

If some changes can be made in the PS script, kindly let us know.

++++++++++++++++++++++++++

$groupName = "group"

$accountName = "user"

$accountPswd = "password"

$accountDescription = "A user"

$esxlist = Get-VMHost

foreach($esx in $esxlist){

    Connect-VIServer -Server esxiserverip -User root -Password "password"

    Try {

      Get-VMHostAccount -Id $groupName -Group -ErrorAction Stop | Out-Null

    }

    Catch {

      New-VMHostAccount -Id $groupName -GroupAccount | Out-Null

    }

    $rootFolder = Get-Folder -Name ha-folder-root

    Try{

        $account = Get-VMHostAccount -Id $accountName -ErrorAction Stop |

        Set-VMHostAccount -Password $accountPswd -Description $accountDescription -AssignGroups $groupName

    }

    Catch{

        $account = New-VMHostAccount -Id $accountName -Password $accountPswd -Description $accountDescription -UserAccount -GrantShellAccess -AssignGroups $groupName

    }

   

    $rootFolder = Get-Folder -Name ha-folder-root

    New-VIPermission -Entity $rootFolder -Principal $account -Role admin

    Disconnect-VIServer -Confirm:$false

}

++++++++++++++++++++++++++++++++++++++++++++

Thanks in advance.

PS

LucD
Leadership

My bad, I forgot about that.

Try something like this.

$rootUser = 'root'

$rootPswd = 'VMware1!'

$userName = 'user'

$pswd = 'VMware1!'

foreach($esx in Get-VMHost -Name esx*){

    Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

    Try{

        $user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

    }

    Catch{

        $user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

    }

    $user

   

    $perm = Get-VIPermission -Principal $userName -Server $esx.Name

    if(!$perm){

        $root = Get-Folder -Name root -Server $esx.Name

        New-VIPermission -Entity $root -Principal $userName -Role Admin -Server $esx.Name

    }

    Disconnect-VIServer -Server $esx.Name -Confirm:$false

}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

CoolonVsphere
Enthusiast

Hi LucD

How do I edit this script if I want to add 10 ESXi hosts to this list?

For example, my ESXi IPs are from 10.10.10.1 to 10.10.10.10.

I am sorry, I am not fully familiar with PowerCLI.

Thanks in advance

PS

LucD
Leadership

You could try something like this

1..10 | %{

    $esx = Get-VMHost -Name "10.10.10.$($_)"

    Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

    Try{

        $user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

    }

    Catch{

        $user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

    }

    $user

  

    $perm = Get-VIPermission -Principal $userName -Server $esx.Name

    if(!$perm){

        $root = Get-Folder -Name root -Server $esx.Name

        New-VIPermission -Entity $root -Principal $userName -Role Admin -Server $esx.Name

    }

    Disconnect-VIServer -Server $esx.Name -Confirm:$false

}


CoolonVsphere
Enthusiast

Tried with this; only the user is getting created, but no admin/root level permission is assigned to the user.

Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

    Try{

        $user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

    }

    Catch{

        $user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

    }

    $user

 

    $perm = Get-VIPermission -Principal $userName -Server $esx.Name

    if(!$perm){

        $root = Get-Folder -Name root -Server $esx.Name

        New-VIPermission -Entity $root -Principal $userName -Role Admin -Server $esx.Name

    }

    Disconnect-VIServer -Server $esx.Name -Confirm:$false

}

LucD
Leadership

Works for me, but that script you posted is not complete.

I used this for a test.

And when you do a Get-VIPermission on the ESXi node you should see that the new account has the Admin role.

Not sure what you mean by admin/root level permissions.

$rootUser = 'root'

$rootPswd = 'VMware1!'

$userName = 'testuser'

# Password for the new account; used by New-VMHostAccount below
$pswd = 'VMware1!'

$esxName = 'esx.test.lab'

$esx = Get-VMHost -Name $esxName

Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

Try{

    $user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

}

Catch{

    $user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

}

$perm = Get-VIPermission -Principal $userName -Server $esx.Name

if(!$perm){

    $root = Get-Folder -Name root -Server $esx.Name

    New-VIPermission -Entity $root -Principal $userName -Role Admin -Server $esx.Name

}

Disconnect-VIServer -Server $esx.Name -Confirm:$false


CoolonVsphere
Enthusiast

Thanks a lot, really appreciate it; you're the only one answering on this forum.

Tried with the corrected script; it gives a connection error.

Get-VMHost : 2/22/2017 4:14:12 PM    Get-VMHost        You are not currently connected to any servers. Please connect

first using a Connect cmdlet.

At line:1 char:8

+ $esx = Get-VMHost -Name $esxName

+        ~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : ResourceUnavailable: (:) [Get-VMHost], ViServerConnectionException

    + FullyQualifiedErrorId : Core_BaseCmdlet_NotConnectedError,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetVMHost

PowerCLI C:\>  Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

Connect-VIServer : Cannot validate argument on parameter 'Server'. The argument is null or empty. Provide an argument

that is not null or empty, and then try the command again.

At line:1 char:27

+  Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

+                           ~~~~~~~~~

    + CategoryInfo          : InvalidData: (:) [Connect-VIServer], ParameterBindingValidationException

    + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.ConnectVIS

   erver

PowerCLI C:\>  Try{

>>     $user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

>> }

>> Catch{

>>     $user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

>> }

>>  $perm = Get-VIPermission -Principal $userName -Server $esx.Name

>> if(!$perm){

>>     $root = Get-Folder -Name root -Server $esx.Name

>>     New-VIPermission -Entity $root -Principal $userName -Role Admin -Server $esx.Name

>> }

>>  Disconnect-VIServer -Server $esx.Name -Confirm:$false

>>

LucD
Leadership

Before you run the script you need to connect to your vCenter with Connect-VIServer, otherwise the Get-VMHost will not work.


sajal1
VMware Employee

LucD you ROCK!!! Don't know how you can be so quick in replying. And you DO reply always. Right now I am in office and I am not as quick as you are 🙂. Respect.......

LucD
Leadership

:smileyblush:


CoolonVsphere
Enthusiast

Thanks a ton for the help, LucD and Sajal, really appreciate it 🙂 Saved me a lot of time 🙂 You guys rock 🙂

If I put more ESXi hosts in the script, it only creates the user on the 1st ESX. If we want to give 50 servers with different host names or IP addresses, how can we modify the script?

$esxName = 'esx.test.lab'

$esxName = 'sserver2'

$esxName = 'Xyzabc'

sajal1
VMware Employee

Modify it like following:

# Connecting to vCenter Server

Connect-VIServer -Server <vCenter Server FQDN/IP> -user <username> -password <password>

# Then rest of them

$rootUser = 'root'

$rootPswd = 'VMware1!'

$userName = 'testuser'

# Password for the new account; used by New-VMHostAccount below
$pswd = 'VMware1!'

foreach ($esx in Get-VMHost){

     Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

     Try{

         $user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop

     }

     Catch{

         $user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name

     }

     $perm = Get-VIPermission -Principal $userName -Server $esx.Name

     if(!$perm){

         $root = Get-Folder -Name root -Server $esx.Name

         New-VIPermission -Entity $root -Principal $userName -Role Admin -Server $esx.Name

     }

     Disconnect-VIServer -Server $esx.Name -Confirm:$false

}

0 Kudos
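
The following is an added example, not code from any poster in this thread. It combines the accepted approach with the per-host created/not-created report the original question asks for, and it prompts for the root and new-account passwords with Get-Credential instead of keeping them in the script. It assumes an existing vCenter session, hosts reachable under the names vCenter reports, and uses the host names mentioned in the thread as sample input.

```powershell
# Added example. Assumes you are already connected to vCenter (Connect-VIServer).
# Host names below are the sample names from the thread; replace with your own list.
$hostNames = 'esx.test.lab', 'sserver2', 'Xyzabc'

# Prompt for secrets instead of storing them in the script.
$rootCred = Get-Credential -UserName 'root' -Message 'ESXi root credential'
$newCred  = Get-Credential -UserName 'testuser' -Message 'Password for the new account'
$userName = $newCred.UserName

$vmHosts = Get-VMHost -Name $hostNames    # resolved once, through vCenter

$report = foreach ($esx in $vmHosts) {
    $row  = [ordered]@{ Host = $esx.Name; Account = 'Failed'; Permission = 'Failed'; Error = $null }
    $conn = $null
    try {
        # Direct connection to the host; every later call is pinned to it with -Server.
        $conn = Connect-VIServer -Server $esx.Name -Credential $rootCred -ErrorAction Stop

        $acct = Get-VMHostAccount -User -Id $userName -Server $conn -ErrorAction SilentlyContinue
        if ($acct) {
            $row.Account = 'AlreadyExists'
        } else {
            # -GrantShellAccess from the thread is left out; add it only if required.
            New-VMHostAccount -Id $userName -Password $newCred.GetNetworkCredential().Password `
                -Server $conn -ErrorAction Stop | Out-Null
            $row.Account = 'Created'
        }

        $perm = Get-VIPermission -Principal $userName -Server $conn -ErrorAction SilentlyContinue
        if ($perm) {
            $row.Permission = 'AlreadyExists: ' + (($perm | ForEach-Object Role) -join ',')
        } else {
            $root = Get-Folder -Name root -Server $conn -ErrorAction Stop
            New-VIPermission -Entity $root -Principal $userName -Role Admin `
                -Server $conn -ErrorAction Stop | Out-Null
            $row.Permission = 'Granted: Admin'
        }
    }
    catch   { $row.Error = $_.Exception.Message }
    finally { if ($conn) { Disconnect-VIServer -Server $conn -Confirm:$false } }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize
```

Piping `$report` to `Export-Csv` instead of `Format-Table` keeps a record of which hosts still need attention.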