0

I need a powercli script to automate some task in VC , I have found below script but here I can assign AD group permission to folder level. but I want to assign permission at VC level. is there any way we can do this.

$TargetVC="XXXX
Set-PowerCLIConfiguration -DefaultVIServerMode multiple -Confirm:$false
Connect-VIServer -server $TargetVC
$rootFolder = (Get-Folder foldername)
$user = get-viaccount -domain 'Domain name' -group -id 'AD group'
$role = Get-VIRole -Name 'xxx'
New-VIPermission -Entity $TargetVC -Principal $user -Role $role -Propagate $true -Confirm:$false

also i need to create few vsphere.local users and assign readonly permissions. i am can't find any powercli script for this. kindly help to solve this

Regards, Karthick V

karthick
  • 317
  • 1
  • 3
  • 11

1 Answers1

0

you can utilize an additional module besides PowerCLI that will help you with this: https://github.com/vmware/PowerCLI-Example-Scripts so first git clone https://github.com/vmware/PowerCLI-Example-Scripts.git Then enter the directory and import the module for SSO

C:\Users\Greg-Admin\PowerCLI-Example-Scripts\Modules\VMware.vSphere.SsoAdmin> Import-Module .\VMware.vSphere.SsoAdmin.psd1

When you have it loaded, you can now connect to SSO:

Connect-SsoAdminServer -Server vc005.greg.labs -User 'administrator@vsphere.local' -Password 'VMware1!'

Name        : vc005.greg.labs
ServiceUri  : https://vc005.greg.labs/sso-adminserver/sdk/vsphere.local
User        : administrator@vsphere.local
Id          : /SsoAdminServer=vsphere.local/administrator@vc005.greg.labs
IsConnected : True
Client      : VMware.vSphere.SsoAdminClient.SsoAdminClient
RefCount    : 1

Once connected, you can create the user for your SSO domain, in my example i use vsphere.local

New-SsoPersonUser -UserName 'greg12' -Password '1!SecretPassword!1' -FirstName 'Greg' -LastName 'Gregzon' | Set-SsoPersonUser -Group (Get-SsoGroup -Domain 'vsphere.local' -Name Administrators) -Add

Name                            : greg12
Domain                          : vsphere.local
Description                     :
FirstName                       : Greg
LastName                        : Gregzon
EmailAddress                    :
Locked                          : False
Disabled                        : False
PasswordExpirationRemainingDays : 90

Which creates the user and adds the user into Administrators group in vsphere.local domain. If you want to solve this using SSH, you can do it by utilizing the command in vcenter appliance dir-cli

ssh root@vc005.greg.labs /usr/lib/vmware-vmafd/bin/dir-cli user create --account greg7 --first-name Grzegorz --last-name gregzon --user-password '1!SuperSecret1!' --password 'VMware1!'

Assuming you have your public key added in the root .ssh/authorized_keys, it should not prompt for password.

Gregu
  • 1