Is it somehow possible to change the password of a local vra user (vsphere.local?)
Yes, via the API. I'm not in a position to get to my lab at the moment to grab the URI on body. Will add it for you shortly.
Grant
URL is "/identity/api/tenants/{TenantId}/principals/{PrincipalId}"
You can do it easily with the latest release of PowervRA since we have added a Set-vRAUserPrincipal function GitHub - jakkulabs/PowervRA: vRealize Automation PowerShell Toolkit
e.g.:
Set-vRAUserPrincipal -Id user@vsphere.local -Password s3cur3p@ss!
Hi.. did anyone find answer for this..
am unable to get to the URL mentioned... "/identity/api/tenants/{TenantId}/principals/{PrincipalId}"
It says .. 404-Authentication Required.
Is there any other way to access default workflow...?
I need to change password for configurationadmin@vsphere.local.
Before using the URL to change the password you'll need to generate an authentication token to use with the REST request, its detailed here on how to generate one: vRealize Automation 7.0
Or you could just use PowervRA to do it, where we handle that hassle for you 😉
Craig did a write up of it here: https://www.helloitscraig.co.uk/2016/07/managing-local-users-powervra.html
i tried same command that is mentioned here but i am getting vra api version error:-
How can i resolve this?
What version of vRA are you running it against?
vRA 7.0
hmm...we've tested this in our own systems against 7.0 and 7.0.1. Just tried the following in my 7.0 system and works fine:
Set-vRAUserPrincipal -Id configurationadmin@vsphere.local -Password xxxxxxxx
What do you get as an output for $vRAConnection? Mine is below, should show an APIversion of 7.0
Server : https://vraap02.vrademo.local
Token : MTQ3MzQxMDgyNjgxODo3NGY5NTdhNjE2YWM2ODAxNTJkZDp0ZW5hbnQ6dnNwaGVyZS5sb2NhbHVzZXJuYW1lOmFkbWluaXN0cmF0b3JAdnNwaGVyZS5sb2NhbGV4cGlyYXRpb246MTQ3MzQzOTYyNjAwMDpmMjQ0ZWZk
YTJkNmE2MjQwODg3MTkyNTc5YjY1YTM2MjJjNzA1MGNkN2FkMGRlZjRhODFjZjY0OTNhZGQyZGJmNjg4YTZmYTEyY2U0OWYzODIxZjYxZDdmYWEyNGYzZGZiYzQ0NGI3ZGFjNzU1MmYyMTYyZDc1YWJjZTBiMjZjZA==
Tenant : vsphere.local
Username : administrator@vsphere.local
APIVersion : 7.0
SignedCertificates : False
There is a test at the beginning of the Set-vRAUserPrincipal function to test for the API version and will throw an error if less than 7.
# --- Test for vRA API version
if ($Global:vRAConnection.APIVersion -lt 7){
throw "$($MyInvocation.MyCommand) is not supported with vRA API version $($Global:vRAConnection.APIVersion)"
}
where should i run this $vRAConnection?
It gets created when you make the connection to the vRA Appliance via Connect-vRAServer. You have done that right? If not, it needs to be run before you can use any of the PowervRA functions.
Now i have executed this against my vra appliance as server name but i am still getting error stating this resource not found however this user account was created as the part of the installation:-
OK, it is saying that the account configurationadmin@vsphere.local does not exist. What Tenant did you connect to with Connect-vRAServer? It should have been vsphere.local to be able to work with that account I believe.
Get-vRAUserPrincipal will also show you which accounts are available for manipulation based on the connection you made.
Get-vRAUserPrincipal shows nothing. But how come it is possible we provided the configurationadmin details while installing IaaS. it's fresh installation and we have default tenant only. Is it a bug in vra product that configurationadmin account doesn't gets created although password is configured for this account during installation as i faced this issue in many deployments but not in all?
Haven't seen that issue. Might be worth creating a fresh post in the community with that specific issue, or talking to VMware support.
If you don't configure the configurationadmin at the last step during the installation of vRA using wizard, this user doesn't get created. The command works well for the local users.