VMware Cloud Community
RobMokkink
Expert
Expert

bug in new-vipermission

I am trying to give an AD group admin permission in ESXi like so:

new-vipermission -role Admin -Principal example\esxoperators -Propagate $true

I get an error:

could not find VI account: example\esxoperators

Authentication services are configured etc. In the viclient in can select the group, but not in powercli.

What am i doing wrong?

Reply
0 Kudos
9 Replies
ykalchev
VMware Employee
VMware Employee

Hi Rob,

Have you tried with PowerCLI 4.1?

We've made some improvements for domain accounts support in New-VIPermission but since Host Authentication services are new to vSphere 4.1 it may still experience some problems.

Let me know if the problem still exists so we can address it asap.

You can also check Carter's post for other solution.

Regards,

Yasen Kalchev

PowerCLI Dev Team

Yasen Kalchev, vSM Dev Team
RobMokkink
Expert
Expert

I have powercli version 4.1

I noticed some more problems today with using the Clone_VM task, ip adres settings were not applied

I will have look at Carters post.

Reply
0 Kudos
RobMokkink
Expert
Expert

The code from Carter does not work. I am looking at it, but the way it is writen its hard to understand what is going on.

Reply
0 Kudos
RobMokkink
Expert
Expert

I found this old script:

http://www.yellow-bricks.com/2008/11/06/adding-users-roles-with-powershell/

And using AuthorizationManager that way i can add users from AD.

Reply
0 Kudos
ggochkov
VMware Employee
VMware Employee

Hi Rob,

I tried the same line several times with different domain groups for -Principal. The permission is created and everything seems to be OK. But if I mistake the domain group name I receive the same error: "Could not find VIAccount with name...".

Could you check the name of the group "example\esxoperators" is the correct group name?

If not could you provide more details whether this group is accesible from the VC? You could simply check it using Remote Desktop to the VC with the VC user and assigning this group permission to some file or folder there.

Thanks,

Gospodin!

Reply
0 Kudos
RobMokkink
Expert
Expert

The permission are assigned to the local ESXi or ESX server not vCenter.

The group name etc are all correct.

Reply
0 Kudos
ggochkov
VMware Employee
VMware Employee

I checked it with an ESXi in domain and found the same problem - I will report an issue for this item.

Thanks,

Gospodin!

Reply
0 Kudos
RobMokkink
Expert
Expert

Oke cool.

Do you raise an SR or do you work at VMware?

Reply
0 Kudos
ggochkov
VMware Employee
VMware Employee

I'm VMWare employee.

Thanks,

Gospodin!

Reply
0 Kudos