Hi,
I am writing a script that creates a resource pool, adds a security group to its permissions, and then creates 2 Port Groups on each host in the DataCenter, sets their VLAN IDs and then adds a security group to the Port Group permissions. I have managed to get as far as creating the Port Groups, I just can't seem to get it to add the security group to the Port Group permissions. I have managed to get it to work with the resource pool.
I was wondering if anyone knew how to add an AD security group to port group permissions using PowerCLI?
Thanks
The New-VIPermission cmdlet doesn't handle the newer entities, like network.
That means you will have to fall back on the SDK method SetEntityPermissions.
```powershell
# Replace the placeholder values below with your own
$esxName = "<hostname>"
$pgName = "<portgroupname>"
$user = "<AD account>"   # Ex "TEST\luc"
$role = "<rolename>"     # Ex "Admin"
$group = $false          # $true when $user is a group rather than a user account
$propagate = $false

# The AuthorizationManager is reached through the ServiceInstance
$authMgr = Get-View (Get-View ServiceInstance).Content.authorizationManager

$perm = New-Object VMware.Vim.Permission
$perm.Principal = $user
$perm.roleId = ($authMgr.RoleList | where{$_.Name -eq $role}).RoleId
$perm.group = $group
$perm.propagate = $propagate

# Find the port group among the host's networks and set the permission on it
$esx = Get-VMHost -Name $esxName
$esx.ExtensionData.Network | %{
  $net = Get-View $_
  if($net.Name -eq $pgName){
    $authMgr.SetEntityPermissions($_,$perm)
  }
}
```
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks for the reply LucD,
Please excuse me as I am pretty much a noob when it comes to this.
Can those commands be called from PowerCLI? Ideally I am going to make it into a function and run it in a loop for each esxi host.
Yes, this is regular PowerCLI code.
The script just uses some features, like the ExtensionData property and the Get-View cmdlet, to get at the underlying vSphere objects.
You can easily turn this into a function.
Change the assignments at the beginning of the script into function parameters and the rest of the script can stay as-is.
Let me know if you encounter any problems with turning this into a function.
As usual LucD, you are a genius
Thank you.
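
LucD's suggestion above (turn the assignments into function parameters, then run it for each host), as an added example that is not part of any post in this thread. The function name, the parameter names and the sample values `DC01`, `PG-App`, `TEST\NetOps` and `ReadOnly` are assumptions; `$IsGroup` defaults to `$true` because the question is about an AD security group, and the function stops if the role name does not resolve so that no permission is written with an empty role ID.

```powershell
function Set-PortGroupPermission {   # hypothetical name, not a PowerCLI cmdlet
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $VMHost,   # objects from Get-VMHost
        [Parameter(Mandatory)] [string] $PortGroupName,
        [Parameter(Mandatory)] [string] $Principal,          # e.g. "TEST\NetOps" (constructed)
        [Parameter(Mandatory)] [string] $RoleName,
        [bool] $IsGroup = $true,       # principal is an AD security group
        [bool] $Propagate = $false     # keep the grant on the port group only
    )
    begin {
        $authMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
        $roleId = ($authMgr.RoleList | Where-Object { $_.Name -eq $RoleName }).RoleId
        if ($null -eq $roleId) { throw "Role '$RoleName' not found in RoleList" }
        $seen = @{}   # network MoRefs already examined, so each is handled once
    }
    process {
        foreach ($moRef in $VMHost.ExtensionData.Network) {
            if ($seen.ContainsKey($moRef.Value)) { continue }
            $seen[$moRef.Value] = $true
            $net = Get-View -Id $moRef -Property Name
            if ($net.Name -ne $PortGroupName) { continue }

            $perm = New-Object VMware.Vim.Permission
            $perm.Principal = $Principal
            $perm.RoleId    = $roleId
            $perm.Group     = $IsGroup
            $perm.Propagate = $Propagate

            if ($PSCmdlet.ShouldProcess($net.Name, "Grant '$RoleName' to $Principal")) {
                $authMgr.SetEntityPermissions($moRef, @($perm))
                # Read back the permissions set directly on the port group
                $authMgr.RetrieveEntityPermissions($moRef, $false)
            }
        }
    }
}

# Run for every host in a datacenter; -WhatIf previews without changing anything
Get-VMHost -Location (Get-Datacenter -Name 'DC01') |
    Set-PortGroupPermission -PortGroupName 'PG-App' -Principal 'TEST\NetOps' `
                            -RoleName 'ReadOnly' -WhatIf
```

Remove `-WhatIf` to apply the change; the returned permission objects show the principal, role ID, group flag and propagate flag as stored on the port group.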