I created this script because I was surprised I couldn't find any similar solution online, and our current password management solution (Cyber-Ark Password Vault) can't manage ESXi root passwords without a bunch of hacking. This is meant to be an interactive script that I personally will be running every quarter. This script:
prompts you for the old password
prompts you for the new password
prompts you for the vCenter server name
prompts you for vCenter credentials
queries vCenter for the hosts you want (see "Host selection section" in the middle of the script to tweak which hosts it finds)
disconnects from vCenter
connects to each host individually and changes the root password
(Update: Apparently I wasn't searching well before. I found a couple other similar scripts. I'll leave this here just because!)
http://communities.vmware.com/thread/172220
http://communities.vmware.com/thread/272863
(Update 2: Attaching script file as well)
#Read in old and new passwords, masked
$oldpw = read-host -prompt "Enter the current root password" -AsSecureString
$newpw = read-host -prompt "Enter the desired new root password" -AsSecureString
#Decrypting for actual use
$oldpw = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($oldpw))
$newpw = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($newpw))
#Get list of ESXi hosts
#Read-Host appends its own colon to the prompt text
$vCenter = Read-Host -Prompt "Enter the vCenter hostname"
write-host "Prompting for credentials and connecting to vCenter..."
connect-viserver -server $vCenter -Credential (Get-Credential)
$hosts = @()
write-host "Querying for ESXi hosts..."
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Host selection section
# Uncomment only one Get-VMHost line
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#Only ESXi hosts
#Match the full product name "ESXi" rather than any name containing the letter "i"
Get-VMHost | sort | Where {$_.State -eq "Connected" -or $_.State -eq "Maintenance"} | Get-View | Where {$_.Summary.Config.Product.Name -match "ESXi"} | % { $hosts+= $_.Name }
#All hosts
#Get-VMHost | sort | Where {$_.State -eq "Connected" -or $_.State -eq "Maintenance"} | % { $hosts+= $_.Name }
#All vSphere hosts (>= version 4.0.0)
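#(cast to [version] so the comparison is numeric rather than a string comparison)
#Get-VMHost | sort | Where {($_.State -eq "Connected" -or $_.State -eq "Maintenance") -and [version]$_.Version -ge [version]'4.0.0'} | % { $hosts+= $_.Name }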
Disconnect-VIServer -confirm:$false
#Connect to each ESXi host and change pw
foreach ($vmhost in $hosts) {
    write-host "Connecting to $vmhost..."
    #Log in directly to the host as root with the old password
    connect-viserver -server $vmhost -user root -password "$oldpw"
    write-host "Changing root password on $vmhost..."
    Set-VMHostAccount -UserAccount root -password "$newpw"
    #Drop the host session before moving on to the next host
    Disconnect-VIServer -confirm:$false
}
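
A hardened variant of the password prompts and the per-host loop, as an added example that is not part of the original script: it confirms the masked new password before touching any host, stops on a failed login, verifies the new password by logging in again, and reports a status per host. It assumes PowerCLI is loaded and that $hosts was filled by the host selection section above; ConvertTo-PlainText, $stage and $results are hypothetical names.

```powershell
# Added example: assumes VMware PowerCLI is loaded and $hosts holds the host names
# collected by the script above. Function and variable names are hypothetical.
function ConvertTo-PlainText([securestring]$Secure) {
    # Decrypt through a BSTR, then zero and free the unmanaged copy
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secure)
    try { [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
}

$oldSecure = Read-Host -Prompt "Enter the current root password" -AsSecureString
$newSecure = Read-Host -Prompt "Enter the desired new root password" -AsSecureString
$confirm   = Read-Host -Prompt "Re-enter the new root password" -AsSecureString
# A typo in a masked prompt would otherwise be pushed to every host
if ((ConvertTo-PlainText $newSecure) -cne (ConvertTo-PlainText $confirm)) {
    throw "New passwords do not match; nothing was changed."
}
$oldCred = New-Object System.Management.Automation.PSCredential('root', $oldSecure)
$newCred = New-Object System.Management.Automation.PSCredential('root', $newSecure)

$results = foreach ($vmhost in $hosts) {
    $stage = 'connect'; $conn = $null
    try {
        # -ErrorAction Stop turns a failed login into an exception, so the change is skipped
        $conn = Connect-VIServer -Server $vmhost -Credential $oldCred -ErrorAction Stop
        $stage = 'change'
        Set-VMHostAccount -Server $conn -UserAccount root `
            -Password (ConvertTo-PlainText $newSecure) -ErrorAction Stop | Out-Null
        Disconnect-VIServer -Server $conn -Confirm:$false
        $stage = 'verify'   # the new password must now be accepted by the host
        $conn = Connect-VIServer -Server $vmhost -Credential $newCred -ErrorAction Stop
        $status = 'Changed and verified'
    }
    catch { $status = "FAILED at ${stage}: $($_.Exception.Message)" }
    finally {
        if ($conn) { Disconnect-VIServer -Server $conn -Confirm:$false -ErrorAction SilentlyContinue }
    }
    New-Object PSObject -Property @{ Host = $vmhost; Status = $status }
}

$results | Format-Table Host, Status -AutoSize
```

A host that fails at the verify stage may already have the new password set, so check it by hand before re-running the change against it.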