Hi,
I am trying to import the permission from excel file which as the contents as below and I am unable to import and getting error.
The Principal are AD Groups and Users
Please help!!
Import-excel -Path $reportName -WorksheetName Permissions -PipelineVariable row |
Foreach-Object -process {
$sPerm = @{
Entity = Get-Inventory -Name $row.Entity
Role = Get-VIRole -name $row.Role
Principal = $row.Principal
Propagate = $row.Propagate
Confirm = $false
}
New-Vipermission @Sperm
}
Excel File
Error
Get-Inventory : 8/25/2022 12:29:58 AM Get-Inventory Inventory with name '192.168.1.x_3010' was not found using the specified filter(s).
At D:\Import_Permissions.ps1:6 char:18
+ Entity = Get-Inventory -Name $row.Entity
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-Inventory], VimException
+ FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetInventory
Foreach-Object : Cannot bind parameter 'Entity'. Cannot convert the "" value of type "System.Management.Automation.PSCustomObject" to type "VMware.VimAutomation.Sdk.Types.V1.VIObject".
At D:\Import_Permissions.ps1:4 char:1
+ Foreach-Object -process {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [ForEach-Object], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.ForEachObjectCommand
Get-Inventory : 8/25/2022 12:23:23 AM Get-Inventory Inventory with name 'MyNim-DS01' was not found using the specified filter(s).
At D:\Import_Permissions.ps1:6 char:18
+ Entity = Get-Inventory -Name $row.Entity
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-Inventory], VimException
+ FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetInventory
Foreach-Object : Cannot bind parameter 'Entity'. Cannot convert the "" value of type "System.Management.Automation.PSCustomObject" to type "VMware.VimAutomation.Sdk.Types.V1.VIObject".
At D:\Import_Permissions.ps1:4 char:1
+ Foreach-Object -process {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [ForEach-Object], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.ForEachObjectCommand
You could do
$reportName = ".\Export_Permission.xlsx"
Import-Excel -Path $reportName -WorksheetName Permissions -PipelineVariable row |
ForEach-Object -Process {
$sPerm = @{
Entity = & {
switch ($row.'Entity Type') {
'Network' {
$row.VMHost -split '\|' | ForEach-Object -Process {
$vmhost = Get-View -ViewType HostSystem -Filter @{Name=$_}
$row.Network -split '\|' | Sort-Object -Unique | ForEach-Object -Process {
$netMoRef = $_
$net = $vmhost.Network | Where-Object { $_ -eq $netMoRef }
Get-VIObjectByVIView -MORef $net
}
}
}
'Datastore' {
Get-Datastore -Name $row.Entity
}
Default {
Get-Inventory -Name $row.Entity
}
}
}
Role = Get-VIRole -Name $row.Role
Principal = $row.Principal
Propagate = $row.Propagate
Confirm = $false
}
foreach($entity in $sPerm.Entity){
$sPerm2 = $sPerm.Clone()
$sPerm2.Entity = $entity
New-VIPermission @sPerm2 |
Select @{N='Entity';E={$_.Entity.Name}},Role, Principal, Propagate, IsGroup
}
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Unfortunately, Get-Inventory does NOT return Portgroups and Datastore.
The reason I wrote my Get-InventoryPlus function.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
So for the importing, can I use the Get-InventoryPlus function the above script for importing the permissions ?
No, the Get-InventoryPlus function does not support a Name parameter.
Nor does it return an object that can be used with New-VIPermission.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
then which is the best way to import and export permissions
as I am using below script to export and I would like to import the permissions
#Export Permission
$reportName = ".\Export_Permission.xlsx"
Get-VIPermission | Select @{N='vCenter';E={$_.Uid.Split('@:')[1]}},
Principal,Role,Propagate,
@{n='Entity';E={$_.Entity.Name}},
@{N='Entity Type';E={$_.EntityId.Split('-')[0]}} | Export-excel -Path ".\Export_Permission.xlsx"
You could do something like this.
Note that the switch probably needs other cases, depending on all VI objects that are not returned by Get-Inventory
Import-excel -Path $reportName -WorksheetName Permissions -PipelineVariable row |
Foreach-Object -process {
$sPerm = @{
Entity = &{
switch($row.'Entity Type'){
'Network' {
Get-VirtualPortgroup -Name $row.Entity
}
'Datastore' {
Get-Datastore -Name $row.Entity
}
Default {
Get-Inventory -Name $row.Entity
}
}
}
Role = Get-VIRole -name $row.Role
Principal = $row.Principal
Propagate = $row.Propagate
Confirm = $false
}
New-Vipermission
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
When I tried your script, I am getting the same error.
I am also attaching the import excel file for your reference
Get-Inventory : 8/25/2022 3:07:15 AM Get-Inventory Inventory with name 'MyNim-DS01' was not found using the specified filter(s).
At D:\Import_Permissions.ps1:15 char:15
+ Get-Inventory -Name $row.Entity
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-Inventory], VimException
+ FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetInventory
Foreach-Object : Cannot bind parameter 'Entity'. Cannot convert the "" value of type "System.Management.Automation.PSCustomObject" to type "VMware.VimAutomation.Sdk.Types.V1.VIObject".
At D:\Date\Import_Export_Roles_Permissions\Permissions\04_Import_Permissions.ps1:4 char:1
+ Foreach-Object -process {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [ForEach-Object], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.ForEachObjectCommand
The switch should have been on 'Entity Type'.
I corrected the code above.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
It worked for Datastore and folder but for Network, it failed.
Role Principal Propagate IsGroup
---- --------- --------- -------
VC_User_Role MYDOMAIN\vcgroup True True
VC_User_Role MYDOMAIN\vcgroup True True
Foreach-Object : Cannot process argument transformation on parameter 'Entity'. This parameter no longer accepts an array. As an alternative you may pass multiple values by pipeline (if supported by the
parameter).
At D:\Import_Permissions.ps1:4 char:1
+ Foreach-Object -process {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [ForEach-Object], ParameterBindingArgumentTransformationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Microsoft.PowerShell.Commands.ForEachObjectCommand
But when I validated for Datastore and folder Permissions, the role shows as null
That seems to indicate you have Portgroups with the same name.
Without Switch information that will be impossible to determine which one is intended
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
We are using portgroups which are part of standard switch. using the below command, I can get the switch name but it shows multiple times from all the hosts, in this case, how can I provide permission for portgroups?
Get-VirtualPortGroup | Select Name, VirtualSwitch
There isn't enough information in the XLSX file to determine which Portgroup is targeted.
You would need to export the ESXi node name and the VirtualSwitch name as well.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi LucD,
how can I add the below to the export script. All the ESXi hosts has the same Portgroup Name, Switch Names
Get-VirtualPortGroup -Name "172.27.1.x_3010" | Select Name, VirtualSwitch, @{N="HostName"; E={get-vmhost -id $_.VMHostid}}
$reportName = ".\Export_Permission.xlsx"
Get-VIPermission | Select @{N='vCenter';E={$_.Uid.Split('@:')[1]}},
Principal,Role,Propagate,
@{n='Entity';E={$_.Entity.Name}},
@{N='Entity Type';E={$_.EntityId.Split('-')[0]}} | Export-excel -Path ".\Export_Permission.xlsx"
After some playing around I found out that the vSwitch is not even needed, just the Network MoRef as known on the ESXi node.
But be aware this only works for VSS Portgroups, not VDS portgroups!!
To export
$reportName = ".\Export_Permission.xlsx"
Get-VIPermission |
Select @{N='vCenter';E={$_.Uid.Split('@:')[1]}},
Principal,Role,Propagate,
@{n='Entity';E={$_.Entity.Name}},
@{N='Entity Type';E={$_.EntityId.Split('-')[0]}},
@{N='VMHost';E={$script:vmhost = Get-View -Id (Get-View -Id $_.Entity.Id).Host
$script:vmhost.Name}},
@{N='Network';E={
$net = $_.Entity.Id
$script:vmhost.Network.Where{$_ -eq $net}}} |
Export-excel -Path $reportName -WorksheetName Permissions
And to import
$reportName = ".\Export_Permission.xlsx"
Import-Excel -Path $reportName -WorksheetName Permissions -PipelineVariable row |
ForEach-Object -Process {
$sPerm = @{
Entity = & {
switch ($row.'Entity Type') {
'Network' {
$vmhost = Get-View -ViewType HostSystem -Filter @{Name=$row.VMHost}
$net = $vmhost.Network | Where-Object { $_ -eq $row.Network }
Get-VIObjectByVIView -MORef $net
}
'Datastore' {
Get-Datastore -Name $row.Entity
}
Default {
Get-Inventory -Name $row.Entity
}
}
}
Role = Get-VIRole -Name $row.Role
Principal = $row.Principal
Propagate = $row.Propagate
Confirm = $false
}
New-VIPermission
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
While exporting the network VMHost and Network shows as System.Object[]
That is caused by having VSS portgroups with the same name on multiple ESXi nodes.
Try the following updated versions.
To export
$reportName = ".\Export_Permission.xlsx"
Get-VIPermission |
Select @{N='vCenter';E={$_.Uid.Split('@:')[1]}},
Principal,Role,Propagate,
@{n='Entity';E={$_.Entity.Name}},
@{N='Entity Type';E={$_.EntityId.Split('-')[0]}},
@{N='VMHost';E={$script:vmhost = Get-View -Id (Get-View -Id $_.Entity.Id).Host
$script:vmhost.Name -join '|'}},
@{N='Network';E={
$net = $_.Entity.Id
$script:vmhost.Network.Where{$_ -eq $net} -join '|'}} |
Export-Excel -Path $reportName -WorksheetName Permissions
To import
$reportName = ".\Export_Permission.xlsx"
Import-Excel -Path $reportName -WorksheetName Permissions -PipelineVariable row |
ForEach-Object -Process {
$sPerm = @{
Entity = & {
switch ($row.'Entity Type') {
'Network' {
$row.VMHost -split '\|' | ForEach-Object -Process {
$vmhost = Get-View -ViewType HostSystem -Filter @{Name=$_}
$row.Network -split '\|' | Sort-Object -Unique | ForEach-Object -Process {
$netMoRef = $_
$net = $vmhost.Network | Where-Object { $_ -eq $netMoRef }
Get-VIObjectByVIView -MORef $net
}
}
}
'Datastore' {
Get-Datastore -Name $row.Entity
}
Default {
Get-Inventory -Name $row.Entity
}
}
}
Role = Get-VIRole -Name $row.Role
Principal = $row.Principal
Propagate = $row.Propagate
Confirm = $false
}
foreach($entity in $sPerm.Entity){
$sPerm2 = $sPerm.Clone()
$sPerm2.Entity = $entity
New-VIPermission @sPerm2
}
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
That worked. In the import script, how can we add the entity name in the output ?
Role Principal Propagate IsGroup
---- --------- --------- -------
VC_User_Role MUDOMAIN\vcgroup True True
VC_User_Role MUDOMAIN\vcgroup True True
VC_User_Role MUDOMAIN\vcgroup True True
VC_User_Role MUDOMAIN\vcgroup True True
Not sure what you mean, the export script adds the Entity name.
What you show seems to be the output from a Get-VIPermission cmdlet
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
LucD,
I meant, when I execute the import script, after the permission is added, I see a output on the screen.
Example as below. Here I am not sure for which Entity the permission was added, so identify, Is there a way to view Entity Name along with the below output, when the import permission is executed ?
Current Output
Role Principal Propagate IsGroup
---- --------- --------- -------
VC_User_Role MUDOMAIN\vcgroup True True
Desired Output on screen
Entity Role Principal Propagate IsGroup
---- ---- --------- --------- -------
Nim-DS01 VC_User_Role MUDOMAIN\vcgroup True True
You could do
$reportName = ".\Export_Permission.xlsx"
Import-Excel -Path $reportName -WorksheetName Permissions -PipelineVariable row |
ForEach-Object -Process {
$sPerm = @{
Entity = & {
switch ($row.'Entity Type') {
'Network' {
$row.VMHost -split '\|' | ForEach-Object -Process {
$vmhost = Get-View -ViewType HostSystem -Filter @{Name=$_}
$row.Network -split '\|' | Sort-Object -Unique | ForEach-Object -Process {
$netMoRef = $_
$net = $vmhost.Network | Where-Object { $_ -eq $netMoRef }
Get-VIObjectByVIView -MORef $net
}
}
}
'Datastore' {
Get-Datastore -Name $row.Entity
}
Default {
Get-Inventory -Name $row.Entity
}
}
}
Role = Get-VIRole -Name $row.Role
Principal = $row.Principal
Propagate = $row.Propagate
Confirm = $false
}
foreach($entity in $sPerm.Entity){
$sPerm2 = $sPerm.Clone()
$sPerm2.Entity = $entity
New-VIPermission @sPerm2 |
Select @{N='Entity';E={$_.Entity.Name}},Role, Principal, Propagate, IsGroup
}
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference