VMware Cloud Community
emcclure
Enthusiast
Enthusiast
‎08-26-2019 02:31 PM
Jump to solution

Trying to get a PowerCLI script to run on multiple vCenters at once

Hello,

I'm not working on a script that can assign permissions to a folder that's specified by a user.  The current script assumes the user knows which vCenter the folder is in (It is randomly assigned based on current work load and other things).  That script is this:

$viserver = Read-Host "Enter the vCenter to connect to"
Connect-VIServer -Server $viserver

while($true){
    $endAnswer = '1'
    while($endAnswer -ne 'Q'){
        if($endAnswer -eq '1'){
            $dc = Get-Datacenter | Select -ExpandProperty Name
            if($dc.count -gt 1){
                $dc = $dc | Out-GridView -OutputMode Single -Title 'Select one datacenter'
            }
            $endAnswer = '2'
        }
  if($endAnswer -eq '2'){
            $podnumber = Read-Host = "Enter the pod number"
            if($podnumber.count -eq 1){
                $folder = Get-Folder -Name Myfolder-$podnumber
            }
            $endAnswer = '3'
        }
        if($endAnswer -eq '3'){
            $usertoadd = Read-Host = "Enter the username in domain\user format to add to the folder"
           
           
        }
  
  New-VIPermission -Entity $folder -Principal $usertoadd -Role VirtualMachineUser -Propagate:$true
   
        write-host "Please select an option"
        Write-Host "1 - Go back to the datacenter selection"
  Write-Host "2 - Go back to the folder selection"
        Write-Host "3 - Go back to the user selection"
  Write-Host "Q - Exit the script"
        $endAnswer = ''
        while('1','2','3','Q' -notcontains $endAnswer){
            $endAnswer = (Read-Host -Prompt 'Your answer').ToUpper()
        }
    }
    Disconnect-VIServer -Server $viserver -Confirm:$false
Write-Host "Disconnecting from vCenter and exiting script"
Write-Host "Insert catchy quote here."
    break
}

However I want to make it where the user just enters their domain creds that should work on either vCenter and allow them to perform the same steps.  I was looking at what someone else had for something different, but no luck.  Here's what I have for that:

param
(
$viservers = 'vcenter1.domain, vcenter2.domain'
)
$creds = Get-Credential
$viservers = ($viservers.Replace(' ','')).Split(',')
ForEach( $server in $viservers) {
$vSphereConns+= Connect-VIServer -Server $server -Credential $creds
}

while($true){
    $endAnswer = '1'
    while($endAnswer -ne 'Q'){
        <#if($endAnswer -eq '1'){
            $dc = Get-Datacenter | Select -ExpandProperty Name
            if($dc.count -gt 1){
                $dc = $dc | Out-GridView -OutputMode Single -Title 'Select one datacenter'
            }
            $endAnswer = '2'
        }#>
  if($endAnswer -eq '1'){
            $podnumber = Read-Host = "Enter the pod number"
            if($podnumber.count -eq 1){
                $folder = Get-Folder -Name Myfolder-$podnumber
            }
            $endAnswer = '2'
        }
        if($endAnswer -eq '2'){
            $usertoadd = Read-Host = "Enter the username in domain\user format to add to the folder"
           
           
        }
  
  New-VIPermission -Entity $folder -Principal $usertoadd -Role VirtualMachineUser -Propagate:$true
   
        write-host "Please select an option"
        Write-Host "1 - Go back to the datacenter selection"
  Write-Host "2 - Go back to the folder selection"
        #Write-Host "3 - Go back to the user selection"
  Write-Host "Q - Exit the script"
        $endAnswer = ''
        while('1','2','Q' -notcontains $endAnswer){
            $endAnswer = (Read-Host -Prompt 'Your answer').ToUpper()
        }
    }
ForEach( $conn in $vSphereConns) {
    Disconnect-VIServer -Server $conn -Confirm:$false
}
Write-Host "Disconnecting from vCenter and exiting script"
Write-Host "Insert catchy quote here."
    break
}

So an important thing is that the datacenters are setup the same on each vCenter.  Each has a management datacenter and one that's for all the rest of the stuff I'm trying to access.  I'm going to assume I need to remove the part where I select the datacenter or at least change it to somehow look at the specific datacenter on both vCenters.  I'm stuck here and not quite sure what to look at in my search that will solve my problem.

0 Kudos
1 Solution

Accepted Solutions
cryton2707
Enthusiast
Enthusiast
‎08-27-2019 01:12 AM
Jump to solution

I'd do it this way

param (

     [array]$viservers=("vCenter1.domain","vcenter2.domain")

)

$creds = Get-Credential -Message "vCenter Credentials" -UserName "$($env:USERDNSDOMAIN)\$($env:USERNAME)"

$vSphereConns = Connect-VIServer -Server $viservers -Credential $creds

So it would default to vcenter1.domain and vcenter2.domain if not specified at the command line,  if you wanted to specify on the command line

scriptname.ps1 -viservers ("vcenter3.domain","vcenter4.domain","vcetner1.domain")

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

View solution in original post

0 Kudos
5 Replies
LucD
Leadership
Leadership
‎08-26-2019 04:08 PM
Jump to solution

Can you elaborate a bit on what you mean with "... enters their domain creds that should work on either vCenter and allow them to perform the same steps. "

Do you mean that the user should be able to connect to the correct vCenter, based on his domain credentials?

How would you solve that for the password for the vCenter?

Afaik, there is no way to retrieve the user's password from the domain, and then use that for the vCenter connection.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
emcclure
Enthusiast
Enthusiast
‎08-26-2019 04:15 PM
Jump to solution

So our vCenters are on a domain and use domain authentication for our users.  Whatever rights you have in one with your domain account you should have the exact same in another.  So if a user runs this script and enters their domain creds, they should only have to enter them once and those creds should authenticate against both vCenters.  From that point when they run the script and say look for a folder called '100' it should be able to search both vCenters for that specific folder and then do the rest of the script as needed.

0 Kudos
LucD
Leadership
Leadership
‎08-26-2019 05:25 PM
Jump to solution

Just to make sure, the prompt the user gets for his credentials is generated by the script, and not a builtin Windows prompt.

With the latter, it would not be possible to intercept the the reply, and use it to authenticate against the vCenters.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
cryton2707
Enthusiast
Enthusiast
‎08-27-2019 01:12 AM
Jump to solution

I'd do it this way

param (

     [array]$viservers=("vCenter1.domain","vcenter2.domain")

)

$creds = Get-Credential -Message "vCenter Credentials" -UserName "$($env:USERDNSDOMAIN)\$($env:USERNAME)"

$vSphereConns = Connect-VIServer -Server $viservers -Credential $creds

So it would default to vcenter1.domain and vcenter2.domain if not specified at the command line,  if you wanted to specify on the command line

scriptname.ps1 -viservers ("vcenter3.domain","vcenter4.domain","vcetner1.domain")

---------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

0 Kudos
emcclure
Enthusiast
Enthusiast
‎08-27-2019 11:00 AM
Jump to solution

LucD,

Yes the prompt is from the script not a builtin Windows prompt.

0 Kudos