VMware Cloud Community
ITTech2002
Contributor
Contributor
‎06-01-2009 02:17 PM
Jump to solution

Powershell Script to add Users and Permissions to ESX Host

Here is a script to add the user accounts.....

Do you have a script to add the permissions?

  1. Original by c_shanklin @ http://communities.vmware.com/message/1013362

function New-VMHostShellAccount { param ($Name, $Password = $null, $Description = $null, $PosixId = $null) $SvcInstance = Get-View serviceinstance $AcctMgr = Get-View $SvcInstance.Content.AccountManager $AcctSpec = new-object VMware.Vim.HostPosixAccountSpec $AcctSpec.id = $Name $AcctSpec.password = $Password $AcctSpec.description = $Description $AcctSpec.shellAccess = $false # Enable shell access $AcctSpec.posixId = $PosixId $AcctMgr.CreateUser($AcctSpec) # Create user Get-VMHostAccount | Where-Object { $_.Id -eq $Name } # Write new user to output stream just as New-VMHostAccount would }

  1. Added by Timothy Cutting

$vcs = @() $vcs += connect-viserver "VCSERVER01" $vcs += connect-viserver "VCSERVER02" $vcs += connect-viserver "VCSERVER03" $vcs += connect-viserver "VCSERVER04" $vcs += connect-viserver "VCSERVER05" $vcs += connect-viserver "VCSERVER06"

$user = Read-Host "Authenticate - USER NAME" $pass = Read-Host "Authenticate - PASSWORD" $newuser = Read-Host "Create New User Account" $newpass = Read-Host "Create New Password" $description = Read-Host "Create Description" $Id = Read-Host "Create ID number"

$vmhosts = Get-VMHost -server $vcs | Sort-Object Name

foreach ($vmhost in $vmhosts) { Write-Host $vmhost Connect-VIServer $vmhost -User $user -Password $pass New-VMHostShellAccount -Name $newuser -Password $newpass -Description $Description -PosixId $Id }

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎06-09-2009 12:43 PM
Jump to solution

Have a look at .

In there I show how to create a new "role" and then how to assign this role, together with the account(s) or principal(s) like they are called in the API, to an entity.

An ESX server has 3 built in roles ("No Access", "Read-Only" and "Administrator") but you can create your own roles with just the privileges you require.

Note that the VI Toolkit for Windows Community Extensions contain functions to manage roles and permissions.

The extensions do require that you use PowerShell v2 CTP3 !


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
6 Replies
LucD
Leadership
Leadership
‎06-01-2009 11:35 PM
Jump to solution

Are you aware that the latest build of PowerCLI contains the cmdlet New-VMHostAccount ?

There is no need anymore to use Carter's function.

Which permissions did you have in mind?

You can assign the new account to groups with the New-VMHostAccount cmdlet, if that is what you are trying to do.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

RobMokkink
Expert
Expert
‎06-02-2009 02:56 AM
Jump to solution

I also have a script that add's or removes users who are member of a particular AD group.

You can find the script here:

http://communities.vmware.com/docs/DOC-7090

ITTech2002
Contributor
Contributor
‎06-02-2009 08:28 AM
Jump to solution

Thanks much.... I created this script to create the user, create the group, assign the user to the group, and reset the password.... Works great! Thanks for the heads up.

Just missing one thing... How do I assign the group Permissions and Roles? Read-Only Role with Permissions to the ESX Server object and Propagate to Child Objects?

#Add Account #Add Group #Add User to Group #Reset Password

$vcs = @() $vcs += connect-viserver VCServer1 $vcs += connect-viserver VCServer2 $vcs += connect-viserver VCServer3

$vmhosts = Get-VMHost -server $vcs | Sort-Object Name

$user = "user" $pass = "password" $group = "group" $HostUser = Read-Host "HOST USER" $var = Read-Host "HOST PASSWORD"

foreach ($vmhost in $vmhosts) { Connect-VIServer $vmhost -User $HostUser -Password $var New-VMHostAccount -Id $user -Password $pass -UserAccount #New User Account New-VMHostAccount -Id $group -GroupAccount -AssignUsers $user #Create Group Account, Assign User to Group Set-VMHostAccount -UserAccount $user -Password $pass #Reset Password in the case the account was already created }

0 Kudos
ITTech2002
Contributor
Contributor
‎06-02-2009 08:33 AM
Jump to solution

Thanks much! I like it.

Any thoughts on assigning the Group Permissions and Roles?

0 Kudos
ITTech2002
Contributor
Contributor
‎06-09-2009 11:25 AM
Jump to solution

Any thoughts on assigning the Group Permissions and Roles?

0 Kudos
LucD
Leadership
Leadership
‎06-09-2009 12:43 PM
Jump to solution

Have a look at .

In there I show how to create a new "role" and then how to assign this role, together with the account(s) or principal(s) like they are called in the API, to an entity.

An ESX server has 3 built in roles ("No Access", "Read-Only" and "Administrator") but you can create your own roles with just the privileges you require.

Note that the VI Toolkit for Windows Community Extensions contain functions to manage roles and permissions.

The extensions do require that you use PowerShell v2 CTP3 !


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos