VMware Cloud Community
Assaro_Delamar
Contributor
Contributor
‎11-08-2022 12:00 AM
Jump to solution

Script to assign groups to different Resourcepools and Folders

Hi, i am working on a script that automatically generates a Resourcepool, nested Folders and a Group from a json input. How do i add that group with a specified permission to the Resourepool and the folder structure?

The script needs to work on multiple servers, so i can't really work with hardcoded IDs. They would be different on another server
The Role always uses the same name on each server, so i think i will have to work with that

Assaro_Delamar_0-1667894384854.png

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎11-08-2022 03:00 AM
Jump to solution

No, you can retrieve groups as well.
This works for me (retrieves an AD group)

Get-VIAccount -id <GroupName> -Domain <NetBIOS DomainName> -Group


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
8 Replies
LucD
Leadership
Leadership
‎11-08-2022 12:54 AM
Jump to solution

Not sure what the actual question is (without seeing the code you already have).
Basically, you will need to use the New-VIPermission cmdlet.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Assaro_Delamar
Contributor
Contributor
‎11-08-2022 01:25 AM
Jump to solution

I tried using New-VIPermission, but i get an error saying that my principal is wrong.
Here is my Code:

$roleName = "Customer-Rights-RessourcesFolders"
$name = "43652114_MustermannIT"

$resourcePool = Get-ResourcePool $name -Server $settings.vCenter
$role = Get-VIRole -Name $roleName -Server $settings.vCenter
$group = Get-VIAccount -Name $name -Group -Server $settings.vCenter
New-VIPermission -Role $role -Entity $resourcePool -Principal $group -Propagate $true -Server $settings.vCenter

 

0 Kudos
LucD
Leadership
Leadership
‎11-08-2022 01:55 AM
Jump to solution

Did Get-VIAccount return anything?
And what exactly is the error message?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Assaro_Delamar
Contributor
Contributor
‎11-08-2022 01:58 AM
Jump to solution 

New-VIPermission : Die Argumenttransformation für den Parameter "Principal" kann nicht verarbeitet werden. Der
Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
In C:\scripts\check_folder.ps1:51 Zeichen:83
+ ... ssion -Role $usedRole -Entity $resourcePool -Principal $group -Propag ...
+                                                            ~~~~~~
    + CategoryInfo          : InvalidData: (:) [New-VIPermission], ParameterBindingArgumentTransformationException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Permis
   sionManagement.NewVIPermission

This is the error message. Get-VIAccount doesn't seem to return anything

0 Kudos
LucD
Leadership
Leadership
‎11-08-2022 02:03 AM
Jump to solution

Is that value in $Name an account the vsphere.local domain or in the AD domain?

Can you try with the format $name = 'account@vsphere.local.
And if it is an AD account with $name = 'account@domain'


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Assaro_Delamar
Contributor
Contributor
‎11-08-2022 02:06 AM
Jump to solution

I think i know where i went wrong. It is not an account, it is only a group that i want to assign. So i think i need another cmdlet for that

0 Kudos
LucD
Leadership
Leadership
‎11-08-2022 03:00 AM
Jump to solution

No, you can retrieve groups as well.
This works for me (retrieves an AD group)

Get-VIAccount -id <GroupName> -Domain <NetBIOS DomainName> -Group


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Assaro_Delamar
Contributor
Contributor
‎11-08-2022 03:43 AM
Jump to solution

That worked. Thank you for your help. I got it now

0 Kudos