So I am having a problem with this script, I am trying to add on to the exceptions list for lockdown mode. And when I run it, it is replacing the whole list of users with just one user. Is there a way I can add on instead of replacing the whole list? I am trying to help automate the onboarding procedures for vcenter/esxi. The idea I thought might work is to call upon a csv with the list of users and just have the script initially add the new user to that csv. But I hoping there is a better way of keeping the exceptions list in tacked.
##############################################
# PowerCLI to create users and give them proper permissions
# Writen by McLovin on 11/03/2020
#############################################
$Credential = Import-CliXml -Path /Host_adminCred.xml
$esxihost = @(Host_Ip)
$vcenter = @(Vcenter_ip)
Connect-VIServer -Server $esxihost -Credential $Credential | Out-null
Write-host "Connected to $esxihost"
$username = read-host 'Input username'
$pass = read-host 'Input password'
foreach($esx in $esxihost){
Try{
Get-VMHostAccount -User $username -Server $esx -ErrorAction Stop
Write-host "$username is already in use."
}
Catch{
$user = New-VMHostAccount -Id $username -Password $pass -description Administrator -Server $esx
Write-host "$username has been created on $esx"
$rootfolder = Get-folder -server $esx -name root | select -first 1
New-ViPermission -Entity $rootfolder -Principal $username -Role Admin -Server $esx | out-null
Write-host "$username has been given $rootfolder permissions on $esx"
}
}
##############################################
# PowerCLI to add created user to the expections users and enable lockout mode.
# Writen by McLovin on 11/05/2020
#############################################
$AdminCredential = Import-CliXml -Path /VCA_AdminCred.xml
Connect-VIServer -Server $vcenter -Credential $AdminCredential | Out-null
Write-host "Connected to $vcenter"
$hosts = Get-VMhost
Foreach($vmhost in $hosts){
try{
$status = (Get-VMHost -name $vmhost).ExtensionData.Config.LockdownMode # checks lockdown mode
write-host "$status is set on $vmhost"
if($status -eq "lockdownDisabled"){
(get-vmhost $vmhost | get-view).EnterLockdownMode() # sets lockdown mode to enabled.
write-host "Lockdown is now set to enabled on $vmhost"
}
}
catch{
(Get-VMHost -name $vmhost).ExtensionData.Config.LockdownMode
write-host "Lockdown is already set to enabled on $vmhost"
}
$HostAccess = Get-View -Id $vmhost.ExtensionData.ConfigManager.HostAccessManager
$HostAccess.UpdateLockdownExceptions($username)
Write-host "$username has been added to the Exception Users List on $vmhost"
}
Write-host "Disconnecting from $esxihost"
Disconnect-VIServer -Server $esxihost -Force -confirm:$false
Write-host "Disconnecting from $vcenter"
Disconnect-VIServer -Server $vcenter -Force -confirm:$false
