I am getting error while importing vcnter roles and permission using LUCD script
error:
Set-Permission : Cannot process argument transformation on parameter 'object'. Cannot convert the
"System.Object[]" value of type "System.Object[]" to type "VMware.Vim.ManagedEntity".
At C:\Users\Administrator\Documents\vSphere permissions import.ps1:70 char:20
+ Set-Permission $entity $perm -ErrorAction SilentlyContinu
+ ~~~~~~~
+ CategoryInfo : InvalidData: (:) [Set-Permission], ParameterBindingArgumentTransformatio
nException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-Permission
Exception calling "SetEntityPermissions" with "2" argument(s): "
Required parameter entity is missing
while parsing call information for method SetEntityPermissions
at line 1, column 171
while parsing SOAP body
at line 1, column 64
while parsing SOAP envelope
at line 1, column 0
while parsing HTTP request for method setEntityPermissions
on object of type vim.AuthorizationManager
at line 1, column 0"
At C:\Users\Administrator\Documents\vSphere permissions import.ps1:27 char:5
+ $perms = $authMgr.SetEntityPermissions($object.MoRef,@($permissio ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : VimException
: scripts
###Import roles###
function New-Role
{
param($name, $privIds)
Begin{}
Process{
$roleId = $authMgr.AddAuthorizationRole($name,$privIds)
}
End{
return $roleId
}
}
function Set-Permission
{
param(
[VMware.Vim.ManagedEntity]$object,
[VMware.Vim.Permission]$permission
)
Begin{}
Process{
$perms = $authMgr.SetEntityPermissions($object.MoRef,@($permission))
}
End{
return
}
}
# Create hash table with the current roles
$authMgr = Get-View AuthorizationManager
$roleHash = @{}
$authMgr.RoleList | % {
$roleHash[$_.Name] = $_.RoleId
}
# Read XML file
$XMLfile = “C:\roles-permissions.xml”
$vInventory = [xml]"<dummy/>"
$vInventory.Load($XMLfile)
# Define Xpaths for the roles and the permissions
$XpathRoles = “Inventory/Roles/Role”
$XpathPermissions = “Inventory/Permissions/Permission”
# Create custom roles
$vInventory.SelectNodes($XpathRoles) | % {
if(-not $roleHash.ContainsKey($_.Name)){
$privArray = @()
$_.Privilege | % {
$privArray += $_.Name
}
$roleHash[$_.Name] = (New-Role $_.Name $privArray)
}
}
# Set permissions
$vInventory.SelectNodes($XpathPermissions) | % {
$perm = New-Object VMware.Vim.Permission
$perm.group = &{if ($_.Group -eq “true”) {$true} else {$false}}
$perm.principal = $_.Principal
$perm.propagate = &{if($_.Propagate -eq “true”) {$true} else {$false}}
$perm.roleId = $roleHash[$_.Role]
$EntityName = $_.Entity.Replace(“(“,“\(“).Replace(“)”,“\)”)
$EntityName = $EntityName.Replace(“[","\[").Replace("]“,“\]”)
$EntityName = $EntityName.Replace(“{“,“\{“).Replace(“}”,“\}”)
$entity = Get-View -ViewType $_.EntityType -Filter @{“Name”=("^" + $EntityName + "$")}
Set-Permission $entity $perm -ErrorAction SilentlyContinu
}
It looks as if
Get-View -ViewType $_.EntityType -Filter @{“Name”=("^" + $EntityName + "$")}
is returning more than 1 object.
Are you perhaps connected to more than 1 vCenter?
Check what $global:defaultVIServers returns.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
there is only one connection . I run disconnect-viserver * before I start
Then you should try to find out what exactly is in $EntityName
Add a Write-Host before the Get-View line
Write-Host "Entity: $EntityName"
$entity = Get-View -ViewType $_.EntityType -Filter @{“Name”=("^" + $EntityName + "$")}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
thanks again man. the datacenter and cluster name was not matching in two vcnters
the script you have works for adding AD users, do you have anything to export local user names
The export script just uses Get-VIPermission, that should return any principals, AD or local.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference