VMware Cloud Community
mellvin
Contributor
Contributor
Jump to solution

Need powercli script to create a new local admin account on all ESX and ESXi hosts in the vcenter

Hi All,

If anyone can help me with a powercli script  to create a new local admin account on all ESX and ESXi hosts in the vcenter , create a new role called admin and provide all access except root. This shoulb be across a virtual center.

Much appreciated for the help.

Regards,

Mellvin

24 Replies
mellvin
Contributor
Contributor
Jump to solution

Hi Luc,

Your script was of great help in our environment. But only thing is we have some vsphere 5.1 hosts which doesnt support giving groups admin permissions. So can you please modify the script so that new user ID is created and directly added to administrator permissions to it.

Thanks in advance.

Regards,

Mellvin

Reply
0 Kudos
AnthBro
Enthusiast
Enthusiast
Jump to solution


I have seen this a script a couple of times, and I have a few quick questions about it...

Firstly I thought local groups didn't exist anymore, am I wrong?

Secondly why do you do this...

LucD wrote:

    $rootFolder = Get-Folder -Name ha-folder-root

I'm sure there is a good reason, I'd just like to know what it is.

Otherwise it's a great script and I use one based on it often, hence why I wanted to know what the script I use so often does.

If you rather I started a new thread I can do that too.

Any views or opinions presented in this post are solely those of the author and do not necessarily represent those of the company he works for.
Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Afaik, groups are still there.

The rootfolder is used to get the top-node in the vSphere object tree.

The permission will then be, through inheritance, be available on all vSphere objects.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
chinsjain
Contributor
Contributor
Jump to solution

Hi there,

this is a good script to add a local admin account on all esx hosts. However, i want to add a domain user to all the esxi 5.5 hosts as an admin to run the autodiscovery queries (which in linux goes through ssh)

Adding domain users to each host is a tedious process and adding the domain user to admin group in vcenter does not help.

Would appreciate if I can an automated way to do it.

Thanks

Chintan

Reply
0 Kudos
AnthBro
Enthusiast
Enthusiast
Jump to solution

So I was correct as of 5.1 local groups are not supported.

I now use this script

$RootCred = Get-Credential

$NewAccount = "ServerAdmin"

$NewAccountPassword = "password"

$NewAccountDescription = "Server Administrator"

$esxi = "fqdn of host"

connect-viserver $esxi -credential $rootcred

New-VMHostAccount -Id $NewAccount -Password $NewAccountPassword -Description $NewAccountDescription

New-VIPermission -Entity $esxi -Principal $NewAccount -Role Admin -Propagate:$true

Any views or opinions presented in this post are solely those of the author and do not necessarily represent those of the company he works for.
Reply
0 Kudos