Here is a script to add the user accounts.....
Do you have a script to add the permissions?
function New-VMHostShellAccount { param ($Name, $Password = $null, $Description = $null, $PosixId = $null) $SvcInstance = Get-View serviceinstance $AcctMgr = Get-View $SvcInstance.Content.AccountManager $AcctSpec = new-object VMware.Vim.HostPosixAccountSpec $AcctSpec.id = $Name $AcctSpec.password = $Password $AcctSpec.description = $Description $AcctSpec.shellAccess = $false # Enable shell access $AcctSpec.posixId = $PosixId $AcctMgr.CreateUser($AcctSpec) # Create user Get-VMHostAccount | Where-Object { $_.Id -eq $Name } # Write new user to output stream just as New-VMHostAccount would }
$vcs = @() $vcs += connect-viserver "VCSERVER01" $vcs += connect-viserver "VCSERVER02" $vcs += connect-viserver "VCSERVER03" $vcs += connect-viserver "VCSERVER04" $vcs += connect-viserver "VCSERVER05" $vcs += connect-viserver "VCSERVER06"
$user = Read-Host "Authenticate - USER NAME" $pass = Read-Host "Authenticate - PASSWORD" $newuser = Read-Host "Create New User Account" $newpass = Read-Host "Create New Password" $description = Read-Host "Create Description" $Id = Read-Host "Create ID number"
$vmhosts = Get-VMHost -server $vcs | Sort-Object Name
foreach ($vmhost in $vmhosts) { Write-Host $vmhost Connect-VIServer $vmhost -User $user -Password $pass New-VMHostShellAccount -Name $newuser -Password $newpass -Description $Description -PosixId $Id }
Have a look at .
In there I show how to create a new "role" and then how to assign this role, together with the account(s) or principal(s) like they are called in the API, to an entity.
An ESX server has 3 built in roles ("No Access", "Read-Only" and "Administrator") but you can create your own roles with just the privileges you require.
Note that the VI Toolkit for Windows Community Extensions contain functions to manage roles and permissions.
The extensions do require that you use PowerShell v2 CTP3 !
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Are you aware that the latest build of PowerCLI contains the cmdlet New-VMHostAccount ?
There is no need anymore to use Carter's function.
Which permissions did you have in mind?
You can assign the new account to groups with the New-VMHostAccount cmdlet, if that is what you are trying to do.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I also have a script that add's or removes users who are member of a particular AD group.
You can find the script here:
http://communities.vmware.com/docs/DOC-7090
Thanks much.... I created this script to create the user, create the group, assign the user to the group, and reset the password.... Works great! Thanks for the heads up.
Just missing one thing... How do I assign the group Permissions and Roles? Read-Only Role with Permissions to the ESX Server object and Propagate to Child Objects?
#Add Account #Add Group #Add User to Group #Reset Password
$vcs = @() $vcs += connect-viserver VCServer1 $vcs += connect-viserver VCServer2 $vcs += connect-viserver VCServer3
$vmhosts = Get-VMHost -server $vcs | Sort-Object Name
$user = "user" $pass = "password" $group = "group" $HostUser = Read-Host "HOST USER" $var = Read-Host "HOST PASSWORD"
foreach ($vmhost in $vmhosts) { Connect-VIServer $vmhost -User $HostUser -Password $var New-VMHostAccount -Id $user -Password $pass -UserAccount #New User Account New-VMHostAccount -Id $group -GroupAccount -AssignUsers $user #Create Group Account, Assign User to Group Set-VMHostAccount -UserAccount $user -Password $pass #Reset Password in the case the account was already created }
Thanks much! I like it.
Any thoughts on assigning the Group Permissions and Roles?
Any thoughts on assigning the Group Permissions and Roles?
Have a look at .
In there I show how to create a new "role" and then how to assign this role, together with the account(s) or principal(s) like they are called in the API, to an entity.
An ESX server has 3 built in roles ("No Access", "Read-Only" and "Administrator") but you can create your own roles with just the privileges you require.
Note that the VI Toolkit for Windows Community Extensions contain functions to manage roles and permissions.
The extensions do require that you use PowerShell v2 CTP3 !
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference