Hi, I have the below script which was kindly put together by LucD. The current script creates a local account, creates the role, maps the account to the role and adds the user to the lockdown exceptions. The change I wish to make is that, instead of creating a local account, I want the script to get the domain account RAC\svc_test_01 and carry out the rest accordingly. Please help, any help will be much appreciated.

```powershell
$newUsers = "svc_test_lt01","svc_test_lt02"
$newPassword = "VMware1!"
$roleName = "test_Role"
$privileges = 'Authorization.ModifyPermissions',
    'Host.Config.SystemManagement',
    'Host.Local.ManageUserGroups'

Import-Csv "C:\Temp\Mo\hosts.csv" | ForEach-Object -Process {
    $srv = Connect-VIServer -Server $_.Hostname -User 'root' -Password 'Password01'
    $priv = Get-VIPrivilege | Where-Object { $_.Id -in $privileges }

    # If Role exists assign new privileges, else create Role
    $role = Get-VIRole -Name $roleName -ErrorAction SilentlyContinue
    if ($role) {
        $role = Set-VIRole -Role $role -AddPrivilege $priv -Confirm:$false
    }
    else {
        $role = New-VIRole -Name $roleName -Privilege $priv -Server $srv -Confirm:$false
    }

    $accounts = @()
    $newUSers | ForEach-Object -Process {
        # If Account exists set new password, else create Account
        $account = Get-VMHostAccount -Id $_ -ErrorAction SilentlyContinue
        if ($account) {
            $account = Set-VMHostAccount -UserAccount $account -Password $newPassword
        }
        else {
            $account = New-VMHostAccount -Id $_ -Password $newPassword -GrantShellAccess:$true `
                -Description 'test User Access' -UserAccount -Server $srv
        }
        $accounts += $account

        # If Permission exists set new Role, else create Permission
        $folder = Get-Folder -Name "root" -Server $srv
        $perm = Get-VIPermission -Entity $folder -Principal $_ -ErrorAction SilentlyContinue
        if (!$perm) {
            $perm = New-VIPermission -Entity $folder -Principal $_ -Role $role -Server $srv -Propagate $true -Confirm:$false
        }
        else {
            $perm = Set-VIPermission -Permission $perm -Role $role -Propagate $true
        }
    }

    # Add users to lockdown exceptions
    $esx = Get-VMHost
    $accessMgr = Get-View $esx.ExtensionData.ConfigManager.HostAccessManager
    $oldLockDownMode = $accessMgr.LockdownMode
    if ($oldLockDownMode -ne [VMware.Vim.HostLockdownMode]::lockdownDisabled) {
        $accessMgr.ChangeLockdownMode([VMware.Vim.HostLockdownMode]::lockdownDisabled)
    }
    $accessMgr.UpdateLockdownExceptions($accounts)
    if ($oldLockDownMode -ne [VMware.Vim.HostLockdownMode]::lockdownDisabled) {
        $accessMgr.ChangeLockdownMode($oldLockDownMode)
    }

    Disconnect-VIServer -Server $srv -Confirm:$false
}
```
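The change asked for above, as an added example (not LucD's or the poster's code): the local-account step is dropped, the permission is granted to the domain principal, and that principal is merged into the existing lockdown exception list rather than replacing it. It assumes each host in the CSV is already joined to the RAC domain, and it prompts for the root credential instead of embedding it.

```powershell
$domainUser = 'RAC\svc_test_01'     # domain principal named in the post
$roleName   = 'test_Role'
$privileges = 'Authorization.ModifyPermissions',
              'Host.Config.SystemManagement',
              'Host.Local.ManageUserGroups'
# Prompt once for the root credential rather than storing it in the script
$rootCred   = Get-Credential -UserName 'root' -Message 'ESXi root password'

Import-Csv 'C:\Temp\Mo\hosts.csv' | ForEach-Object -Process {
    $srv = Connect-VIServer -Server $_.Hostname -Credential $rootCred
    $esx = Get-VMHost -Server $srv

    # Assumption: a domain principal only resolves on a host that is an AD member
    $auth = Get-VMHostAuthentication -VMHost $esx
    if (-not $auth.Domain) {
        Write-Warning "$($esx.Name) is not joined to a domain, skipping"
        Disconnect-VIServer -Server $srv -Confirm:$false
        return    # inside ForEach-Object this moves on to the next CSV row
    }

    # Role: same create-or-update logic as the original script
    $priv = Get-VIPrivilege -Server $srv | Where-Object { $_.Id -in $privileges }
    $role = Get-VIRole -Name $roleName -Server $srv -ErrorAction SilentlyContinue
    if ($role) { $role = Set-VIRole -Role $role -AddPrivilege $priv -Confirm:$false }
    else       { $role = New-VIRole -Name $roleName -Privilege $priv -Server $srv -Confirm:$false }

    # Permission: no New-VMHostAccount or password step for a domain account
    $folder = Get-Folder -Name 'root' -Server $srv
    $perm = Get-VIPermission -Entity $folder -Principal $domainUser -Server $srv -ErrorAction SilentlyContinue
    if ($perm) { $null = Set-VIPermission -Permission $perm -Role $role -Propagate $true }
    else       { $null = New-VIPermission -Entity $folder -Principal $domainUser -Role $role -Propagate $true -Server $srv -Confirm:$false }

    # UpdateLockdownExceptions sets the whole list, so merge with what is already there
    $accessMgr = Get-View $esx.ExtensionData.ConfigManager.HostAccessManager
    $oldMode   = $accessMgr.LockdownMode
    $disabled  = [VMware.Vim.HostLockdownMode]::lockdownDisabled
    $existing  = @($accessMgr.QueryLockdownExceptions() | Where-Object { $_ })
    $merged    = $existing + $domainUser | Select-Object -Unique

    if ($oldMode -ne $disabled) { $accessMgr.ChangeLockdownMode($disabled) }
    $accessMgr.UpdateLockdownExceptions([string[]]$merged)
    if ($oldMode -ne $disabled) { $accessMgr.ChangeLockdownMode($oldMode) }   # restore previous mode

    Disconnect-VIServer -Server $srv -Confirm:$false
}
```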