I have about 50 esx servers I need to change the root and one other additional local user password (lets say vmuser) pwds. This would save me tons of time if this could be automated with powershell. Does anyone know if this can be done? Thanks for your time
Jason
There has been some discussions on adding ESX host accounts recently (see ).
In that thread a problem with the CreateUser method and the shell field in the passwd file came to light.
To solve it the HostPosixAccountSpec object needs to be used.
For your question, this script should do what you require
Connect-VIServer -Server <VC-server> $rootpswd = <root-password> $accspec1 = New-Object VMware.Vim.HostPosixAccountSpec $accspec1.id = "root" $accspec1.password = <new-root-password> $accspec1.shellAccess = "/bin/bash" $accspec2 = New-Object VMware.Vim.HostPosixAccountSpec $accspec2.id = "vmuser" $accspec2.password = <new-vmuser-password> $accspec2.shellAccess = "/bin/bash" Get-VMHost | %{ Connect-VIServer $_.Name -User root -Password $rootpswd $si = Get-View ServiceInstance $acctMgr = Get-View -Id $si.content.accountManager $acctMgr.UpdateUser($accspec1) $acctMgr.UpdateUser($accspec2) }
You didn't state if these 50 ESX servers are all your ESX servers.
If not, the Get-VMHost will have to be replaced by something else.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi LucD,
I tried to use your script but get below error, could you please suggest?
You cannot call a method on a null-valued expression.
At line 9, position 73
$acctMgr = Get-View -Id $si.content.accountManager $acctMgr.UpdateUser($accspec1)
Thanks
Apparently the forum SW dropped some line feeds while you copied the script.
Try the attached version.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi,
I could get rid-off the null valued expression error below but now getting below even though the password got changed successfully. Any idea what this is related to ?
A parameter cannot be found that matches parameter name ''.
At line 9, position 20
$acctMgr = Get-View -Id $si.content.accountManager $acctMgr.UpdateUser($accspec1)
Thanks
sorry spoke too early I saw your latest response and the script actually worked wihtout any errors. When i viewed the code i couldn't really find anything changed except for the formatting. Do you mean that could create the difference in errors i was getting?
Yes, the line in the message should in fact be 2 lines.
The forum SW, depending on the browser you're using, seems to have this strange behavior.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Cool..how do i secure the password i am typing?. I tried the steps suggested in few forums but couldn't succed. Actually get-credential worked but not sure how to assign it to $accspec1.password variable..any idea?
I got it...below is the simple code.
$newpswd= Get-Credential root
$accspec1 = New-Object VMware.Vim.HostPosixAccountSpec
$accspec1.Id ="root"
$accspec1.Password = $newrootpswd.GetNetworkCredential().Password
Hi
I have been using this script to change root password on multiple hosts. There is one problem, if there is an issue with any 1 host, the script terminates. I end up with only half the servers done and since the current root password becomes mismatched, I cannot run this anymore.
Is there a way to add error-check or something so the script skips any problem hosts and moves on changing the rest of the hosts? help appreciated
What is the type of error you get when the script fails on a host ?
Could you perhaps include the error message and the script you're actually using ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Script I am using is attached.
the script works perfectly fine if I have multiple hosts that have exact old password and am changing to new one.
Problem is when it is running through the 1...50 hosts and hiccups on say #33 because someone had changed the password to anything else other than what is listed as current root password in the above script. The script then fails with bad password on that host and does not continue to the rest of 34-50 hosts either. I want to be able to mark the one with the problem but still move ahead changing the pwd on rest of them.
Maybe before the script runs we could check password age on all hosts and make sure it is same? I am not sure how to do this.
You can use the ErrorAction parameter to continue when a Connect-VIServer fails.
At the end the script dumps all errors so you can see on which hosts it failed.
$errReport =@() $rootpswd = <root-password> $accspec1 = New-Object VMware.Vim.HostPosixAccountSpec $accspec1.id = <account> $accspec1.password = <new-password> $accspec1.shellAccess = "/bin/bash" Get-VMHost | % { Connect-VIServer $_.Name -User root -Password $rootpswd -ErrorAction SilentlyContinue -ErrorVariable err $errReport += $err if($err.Count -eq 0){ $si = Get-View ServiceInstance $acctMgr = Get-View -Id $si.content.accountManager $acctMgr.UpdateUser($accspec1) } $errReport += $err $err = "" } $errReport
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
This can also be done with Koen Warsons ESX tasks
yes, this works. thanks so much.
will also checkout the svmotion script. thanks again
I get an error when I try to run this script, this is the same for both the useraccount and the root account
Get-View : The argument cannot be null or empty.
At changepwd.ps1:18 char:26
+ $acctMgr = Get-View -Id <<<< $si.content.accountManager
You cannot call a method on a null-valued expression.
At changepwd.ps1:20 char:22
+ $acctMgr.UpdateUser( <<<< $accspec1)
You cannot call a method on a null-valued expression.
At changepwd.ps1:21 char:22
+ $acctMgr.UpdateUser( <<<< $accspec2)
Help please!
I've recently upgraded to the new VIToolkit, could this be the problem, has the syntax changed?
Thanks,
Roger.
what do we do if the ESXi host has lockdown mode enabled ?
I tried conencting to VC and then use Get-VMHostAccount, it fails.
Connect-VIServer vcserver
$h = get-VMHost myESXi
Get-VMHostAccount -server $h.moref
error: Operation not supported
If security permits, you could use the Set-TkeVMHostLockdown function (Community extensions) to temporarily remove the lockdown mode.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I have a Problem, that i cannot add one esx host to one cluster. The root Pw dont work.
I cannot shutdown the machine, while there are many vms running and i dont become an Maintance window for that.
Is there a way to change the root Pw without knowing the old one??
I know that is unsecure.
pls Help
Afaik, not without rebooting the ESX server
But can't you vMotion the VMs to another ESX server and then perform the reboot ?
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference