Change root password on all (or some) vSphere hosts

I created this script because I was surprised I couldn't find any similar solution online, and our current password management solution (Cyber-Ark Password Vault) can't manage ESXi root passwords without a bunch of hacking. This is meant to be an interactive script that I personally will be running every quarter. This script:

  • prompts you for the old password

  • prompts you for the new password

  • prompts you for the vCenter server name

  • prompts you for vCenter credentials

  • Queries vCenter for all hosts that you wish. See "Host selection section" in the middle of the script to tweak what hosts it may find

  • Disconnects from vCenter

  • Connects to each host individually and changes the root password

(Update: Apparently I wasn't searching well before. I found a couple other similar scripts. I'll leave this here just because!)

(Update 2: Attaching script file as well)

#Read in old passwords, masked
$oldpw = read-host -prompt "Enter the current root password" -AsSecureString
$newpw = read-host -prompt "Enter the desired new root password" -AsSecureString
#Decrypting for actual use (Connect-VIServer -Password and Set-VMHostAccount -Password take plain strings)
$oldpw = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($oldpw))
$newpw = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($newpw))

#Get list of ESXi hosts
$vCenter = Read-host -prompt "Enter the vCenter hostname:"
write-host "Prompting for credentials and connecting to vCenter..."
connect-viserver -server $vCenter -Credential (Get-Credential)
$hosts = @()
write-host "Querying for ESXi hosts..."

# Host selection section
# Uncomment only one Get-VMHost line

#Only ESXi hosts
Get-VMHost | sort | Where {$_.State -eq "Connected" -or $_.State -eq "Maintenance"} | Get-View | Where {$_.Summary.Config.Product.Name -match "i"} | % { $hosts+= $_.Name }
#All hosts
#Get-VMHost | sort | Where {$_.State -eq "Connected" -or $_.State -eq "Maintenance"} | % { $hosts+= $_.Name }
#All vSphere hosts (>= version 4.0.0)
#Get-VMHost | sort | Where {($_.State -eq "Connected" -or $_.State -eq "Maintenance") -and $_.version -ge '4.0.0'} | % { $hosts+= $_.Name }

Disconnect-VIServer -confirm:$false

#Connect to each ESXi host and change pw
foreach ($vmhost in $hosts) {
    write-host "Connecting to $vmhost..."
    connect-viserver -server $vmhost -user root -password "$oldpw"
    write-host "Changing root password on $vmhost..."
    Set-VMHostAccount -UserAccount root -password "$newpw"
    Disconnect-VIServer -confirm:$false
}
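
The per-host loop above keeps going if a login fails and gives no record of which hosts were actually rotated. The following variant of that loop is an added example, not part of the original post: it stops each host at the first failed step, confirms the new password by logging in with it, and prints a per-host result. It assumes PowerShell 3.0 or later with PowerCLI loaded and `$hosts` already filled by the host selection section; `$oldCred`, `$newCred`, `$results` and the status labels are illustrative names.

```powershell
# Added example (not the original author's code). Assumes $hosts holds the
# ESXi host names collected from vCenter earlier in the script.
$oldCred = Get-Credential -UserName root -Message "Current root password"
$newCred = Get-Credential -UserName root -Message "New root password"

$results = foreach ($vmhost in $hosts) {
    $status = "ConnectFailed"; $detail = ""; $conn = $null
    try {
        # -ErrorAction Stop turns a failed login into an exception, so the
        # password change is never attempted without a session on this host.
        $conn = Connect-VIServer -Server $vmhost -Credential $oldCred -ErrorAction Stop
        $status = "ChangeFailed"
        # -Server pins every call to this host, even if other sessions are open.
        $root = Get-VMHostAccount -Server $conn -User -Id root -ErrorAction Stop
        Set-VMHostAccount -Server $conn -UserAccount $root `
            -Password $newCred.GetNetworkCredential().Password -ErrorAction Stop | Out-Null
        Disconnect-VIServer -Server $conn -Confirm:$false
        $conn = $null

        # The password is changed at this point; prove the new one works
        # before reporting success.
        $status = "ChangedButVerifyFailed"
        $conn = Connect-VIServer -Server $vmhost -Credential $newCred -ErrorAction Stop
        $status = "Changed"
    }
    catch {
        $detail = $_.Exception.Message
    }
    finally {
        if ($conn -and $conn.IsConnected) {
            Disconnect-VIServer -Server $conn -Confirm:$false
        }
    }
    [pscustomobject]@{ Host = $vmhost; Status = $status; Detail = $detail }
}

# Hosts that still need attention are listed first.
$results | Sort-Object { $_.Status -eq "Changed" }, Host | Format-Table -AutoSize -Wrap
```

Hosts reported as `ConnectFailed` or `ChangeFailed` still have the old password, which matters when the old value is about to be retired from the vault.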


Nice script.

Could you perhaps attach it as a file?

The forum SW doesn't like square brackets.


Blog: LucD notes

Twitter: lucd22

Done. Thanks LucD. A small compliment from you is huge to me. You are the single most valuable contributor to any community on any subject that I've witnessed.

Version history: Revision 1 of 1. Last update: 07-01-2010 02:13 PM