Highlighted
Expert
Expert

new-vmhostaccount with empty passwords

I always used carter his function to create users:

function Create-ShellUser {

param($id, $password="", $description=$null, $posixId=$null)

#ON ERROR CONTINUE

$erroractionpreference = "SilentlyContinue"

$si = get-view serviceinstance

$accountManager = get-view $si.Content.AccountManager

$as = new-object VMware.Vim.HostPosixAccountSpec

$as.id = $id

$as.password = $password

$as.description = $description

$as.shellAccess = $true

$as.posixId = $posixId

$accountManager.CreateUser($as)

But i doesn't accept the password to be $null

I also tryed using new-vmhostaccount, but again empty passwords are not permitted.

What to do to create users on esx servers, with empty password, so active directory authentication can work?

I could use plink, but i don't want to do that.

0 Kudos
7 Replies
Highlighted
User Moderator
User Moderator

The New-VMHostAccount defines the -Password parameter as "required".

The HostAccountSpec object on the other hand specifies the password property as optional.

Indeed, conflicting requirements.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Expert
Expert

I will have to dig deeper into the problem.

0 Kudos
Highlighted
User Moderator
User Moderator

Rob, just did some tests with the CreateUser method for an ESX server.

It looks as if the method also requires the password property to have a value different from $null or an empty string.

With the useradd command in the COS you can create accounts with no password.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
VMware Employee
VMware Employee

Hi,

The Password field is mark as optional in the API documentation because the HostAccountSpec type is also output object for some API methods and can be null if the user account is created in the console as Luc suggested.

However CreateUser method requires non-empty password, so we've make the parameter required also.

Regards,

Yasen

PowerCLI Dev Team

Yasen Kalchev, vSM Dev Team
0 Kudos
Highlighted
Expert
Expert

I will have to change the script so that i will use plink.

I am a little bit dissapointed the API changes every release of vSphere.

0 Kudos
Highlighted
Expert
Expert

I did some more tests, and it looks like that assigning the users a random password at the creation time, we still can use AD authentication.

So i will create a function to generate random passwords.

0 Kudos
Highlighted
Expert
Expert

Found on the internet this great post:

http://dmitrysotnikov.wordpress.com/2007/07/18/generate-random-password-with-powershell/

All our AD users now connect to the ESX servers without a problem.

0 Kudos