- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Get-VIPermission for each VM in vCenter
Hi,
I am looking for a way to display the VIPermissions of each VM listed in vCenter without entering a command for each VM (as there are hundreds).
Here is what I would like to automate....
- Connect to my vCenter Connect-VIServer vcentername
- List all my VM's Get-VM | Format-Table Name
- List my permissions for each VM Get-VIPermission vmname
Here is the closest I've come to getting what I'm looking for accept my output file does not include the VM names accociated with the permissions.
Get-VM -Server esxhostname | ForEach-Object {Get-VIPermission -Server vcentername $_.name} | Export-Csv C:\temp\exportfile.csv
or
Get-VM | ForEach-Object {Get-VIPermission -Server vcentername $_.name} | Export-Csv C:\temp\exportfile.csv
Thanks in advance,
M
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Here's something that may work for you:
$vmPermissions = @{}
Get-VM | % {
$vmPermission[($_.Name)] = ($_ | Get-VIPermission)
}
This way you'll have a hash table, containing as keys the VM names and for values, the corresponding VIPermissions. It'll look something like:
Name Value
---- -----
VMWindows {ReadOnly-SYSTEM-DOMAIN\readuser-user, Admin-SYSTEM-DOMAIN\administrator-user, Admin-root-user}
VMLinux {ReadOnly-SYSTEM-DOMAIN\readuser-user, Admin-SYSTEM-DOMAIN\administrator-user, Admin-root-user}
VMGuestLinux {ReadOnly-SYSTEM-DOMAIN\readuser-user, Admin-SYSTEM-DOMAIN\administrator-user, Admin-root-user}
$vmPermissions["VMLinux"]
Role Principal Propagate IsGroup
---- --------- --------- -------
ReadOnly SYSTEM-DOMAI... True False
Admin SYSTEM-DOMAI... True False
Admin root True False
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try something like this
&{foreach($vm in Get-VM){ Get-VIPermission -Entity $vm |
Select @{N="VM";E={$vm.Name}},*
}} | Export-Csv C:\report.csv -NoTypeInformation -UseCulture
This will include all the properties of the object coming from the Get-VIPermission cmdlet.
If you don't want certain properties in the report, you can do something like this
&{foreach($vm in Get-VM ){ Get-VIPermission -Entity $vm |
Select -ExcludeProperty EntityId,ExtensionData,Uid -Property @{N="VM";E={$vm.Name}},*
}} | Export-Csv C:\report.csv -NoTypeInformation -UseCulture
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Exactly what I was looking for... thanks.
&{foreach($vm in Get-VM){
Get-VIPermission -Entity $vm | Select -ExcludeProperty EntityId,ExtensionData,Uid -Property @{N="VM";E={$vm.Name}},*}} | Export-Csv C:\temp\outputfile.csv -NoTypeInformation -UseCulture
Output as follows for all VMs
| VM | Entity | Role | Principal | Propagate | IsGroup |
| LABBMC001 | Datacenters | Admin | Administrators | TRUE | TRUE |
| LABBMC001 | Datacenters | Admin | CBS\Domain Admins | TRUE | TRUE |
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great Code!! worked Great!!
just a Few Changes. I use get-view as the response is much faster for large environments. and added filter cause I only needed the users/groups from my domain.
&{foreach($vm in get-view -ViewType VirtualMachine){Get-VIPermission -Entity $vm.name | ?{$_.Principal -like "*<domain>*"} | Select -Property @{N="VM";E={$vm.Name}},Role,Principal}}