Create a PowerCLI script to create a local User account on each Host in vCenter

  • 1.  Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Sep 19, 2017 02:38 PM

    Hi Guys,

    I know this has been posted several times on here but I can't find the correct script for my application.

    I am setting up Solarwinds in my environment and it requires a local account with Read-Only access on each of the ESXi hosts. I am currently running ESXi 6.0U3a on all of my hosts.

    What I need is for the script to pull all of the hosts out of vCenter and add local account SOLSNMP and place it in the Read-only "Role"

    Thanks for any help

    BobK



  • 2.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Sep 19, 2017 04:59 PM


  • 3.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Sep 19, 2017 07:48 PM

    Here is what I tried based on the other script and the errors I am getting.

    $rootUser = 'root'
    $rootPswd = '*****'
    $userName = 'SOLSNMP'
    $esxName = 'pcoesxvm02.sgsolutions.local'
    $esx = Get-VMHost -Name $esxName
    Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null
    Try{
        $user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop
    }
    Catch{
        $user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name
    }
    $perm = Get-VIPermission -Principal $userName -Server $esx.Name
    if(!$perm){
        $root = Get-Folder -Name root -Server $esx.Name
        New-VIPermission -Entity $root -Principal $userName -Role Read-only -Server $esx.Name
    }

    >>
    New-VMHostAccount : Cannot bind argument to parameter 'Password' because it is
    null.
    At line:5 char:55
    +     $user = New-VMHostAccount -Id $userName -Password $pswd
    -GrantShellAccess -S ...
    +                                                       ~~~~~
        + CategoryInfo          : InvalidData: (:) [New-VMHostAccount], ParameterB
       indingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,V
       Mware.VimAutomation.ViCore.Cmdlets.Commands.Host.NewVMHostAccount

    PowerCLI C:\> $perm = Get-VIPermission -Principal $userName -Server $esx.Name
    Get-VIPermission : 9/19/2017 3:40:56 PM    Get-VIPermission        Could not
    find VIAccount with name 'SOLSNMP'.
    At line:1 char:9
    + $perm = Get-VIPermission -Principal $userName -Server $esx.Name
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (SOLSNMP:String) [Get-VIPermissi
       on], VimException
        + FullyQualifiedErrorId : Core_ObnSelector_SelectObjectByNameCore_ObjectNo
       tFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.G
      etVIPermission

    Get-VIPermission : 9/19/2017 3:40:56 PM    Get-VIPermission        VIAccount
    parameter: Could not find any of the objects specified by name.
    At line:1 char:9
    + $perm = Get-VIPermission -Principal $userName -Server $esx.Name
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (VMware.VimAutom...unt[] Princip
       al:RuntimePropertyInfo) [Get-VIPermission], ObnRecordProcessingFailedExcep
      tion
        + FullyQualifiedErrorId : Core_ObnSelector_SetNewParameterValue_ObjectNotF
       oundCritical,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManage
      ment.GetVIPermission

    PowerCLI C:\> if(!$perm){
    >>     $root = Get-Folder -Name root -Server $esx.Name
    >>     New-VIPermission -Entity $root -Principal $userName -Role Read-only -Serv
    er $esx.Name
    >> }
    >>
    Get-Folder : 9/19/2017 3:40:56 PM    Get-Folder        Folder with name 'root'
    was not found using the specified filter(s).
    At line:2 char:13
    +     $root = Get-Folder -Name root -Server $esx.Name
    +             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (:) [Get-Folder], VimException
        + FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimA
       utomation.ViCore.Cmdlets.Commands.GetFolder

    New-VIPermission : Cannot validate argument on parameter 'Entity'. The
    argument is null or empty. Supply an argument that is not null or empty and
    then try the command again.
    At line:3 char:30
    +     New-VIPermission -Entity $root -Principal $userName -Role Read-only
    -Server  ...
    +                              ~~~~~
        + CategoryInfo          : InvalidData: (:) [New-VIPermission], ParameterBi
       ndingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.V



  • 4.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Sep 19, 2017 07:57 PM

    The $Pswd variable hasn't been instantiated.

    You should have a line with the following at the beginning (update the password).

    $Pswd = 'YourAccountPassword'



  • 5.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Sep 19, 2017 08:35 PM

    OK, that worked. Now how do I send it a list of hosts from vCenter so I can add this account to all of my hosts?



  • 6.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Sep 20, 2017 04:46 AM

    In one of the versions of the script, it runs through all the ESXi nodes.

    foreach ($esx in Get-VMHost){

    But you can use any selection criteria to "get" the ESXi nodes that you want to use.

    For example from a text file

    foreach($esx in (Get-VMHost -Name (Get-Content -Path esx-names.txt))){

    }



  • 7.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Sep 20, 2017 01:14 PM

    Here is what I am trying. When I run it for a single machine it works, but when I try to run it with the text file it seems to complete: I get no errors, but I also don't get the accounts.

    $rootUser = 'root'
    $rootPswd = '2***'
    $userName = 'SOLSNMP'
    $Pswd = '*****'
    $esx = Get-VMHost -Name $esxName
    foreach($esx in (Get-VMHost -Name (Get-Content -Path C:\ESXi_Root_Password_Reset\esxservers.txt))){
    }
    Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null
    Try{
        $user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop
    }
    Catch{
        $user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name
    }
    $perm = Get-VIPermission -Principal $userName -Server $esx.Name
    if(!$perm){
        $root = Get-Folder -Name ha-folder-root -Server $esx.Name
        New-VIPermission -Entity $root -Principal $userName -Role readonly -Server $esx.Name
    }
    Disconnect-VIServer -Server $esx.Name -Confirm:$false



  • 8.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter
    Best Answer

    Posted Sep 20, 2017 01:25 PM

    Try like this.

    It assumes that there is one hostname on each line in the .txt file.

    $rootUser = 'root'
    $rootPswd = '2***'
    $userName = 'SOLSNMP'
    $Pswd = '*****'

    # The .txt file holds one ESXi host name per line
    foreach($esx in (Get-VMHost -Name (Get-Content -Path C:\ESXi_Root_Password_Reset\esxservers.txt)))
    {
        # Connect directly to the ESXi host with its root account
        Connect-VIServer -Server $esx.Name -User $rootUser -Password $rootPswd > $null

        # Create the local account only when it does not exist yet
        Try{
            $user = Get-VMHostAccount -User $userName -Server $esx.Name -ErrorAction Stop
        }
        Catch{
            $user = New-VMHostAccount -Id $userName -Password $pswd -GrantShellAccess -Server $esx.Name
        }

        # Assign the read-only role on the host's root folder if the account has no permission yet
        $perm = Get-VIPermission -Principal $userName -Server $esx.Name
        if(!$perm){
            $root = Get-Folder -Name ha-folder-root -Server $esx.Name
            New-VIPermission -Entity $root -Principal $userName -Role readonly -Server $esx.Name
        }
        Disconnect-VIServer -Server $esx.Name -Confirm:$false
    }



  • 9.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Sep 20, 2017 01:35 PM

    Not sure how you have time to work on this so quickly but you are not being paid enough :smileyhappy:

    Thanks this saved me a huge amount of work.

    Bob K



  • 10.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Mar 15, 2018 10:41 PM

    LucD I follow you all the time especially as relates to PowerCLI & I'm using this script. Appreciate it.

    Wanted to point out I received an error on vSphere 6.5 - looks like the folder path changed from vSphere 6.0 (which I'm certain you already know but wanted to help anyone having the same issue)

    $root = Get-Folder -Name ha-folder-root -Server $esx.Name

    For vSphere 6.5 it should be

    $root = Get-Folder -Name root -Server $esx.Name

    Hope this helps someone moving forward



  • 11.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Mar 16, 2018 06:07 AM

    Thanks for sharing that!

    One way to make the above code usable across different vSphere versions is to find the name of the root folder dynamically.

    Something like this

    if(!$perm){
        $rootFolderObj = Get-View -id $global:DefaultVIServer.ExtensionData.Content.RootFolder
        $root = Get-Folder -Name $rootFolderObj.Name -Server $esx.Name
        New-VIPermission -Entity $root -Principal $userName -Role readonly -Server $esx.Name
    }
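
An added example, not part of any post in this thread: the loop from the accepted answer combined with the dynamic root-folder lookup suggested above, prompting for credentials with Get-Credential instead of storing them in the script and leaving out -GrantShellAccess. The host-list path, the account description and the premise that a read-only monitoring account needs no shell access are assumptions; host names are read straight from the file, so no vCenter session is required.

```powershell
# Added example. $hostList and the account description are assumed values.
$hostList = 'C:\Scripts\esxservers.txt'   # assumed path: one ESXi host name per line
$userName = 'SOLSNMP'

# Prompt for secrets instead of keeping them in the script file.
$rootCred = Get-Credential -UserName 'root' -Message 'ESXi root credentials'
$newCred  = Get-Credential -UserName $userName -Message 'Password for the new local account'

$results = foreach ($esxName in (Get-Content -Path $hostList | Where-Object { $_.Trim() })) {
    $conn = $null
    $actions = @()
    try {
        # Direct host connection: local accounts and the host's own root folder
        # are managed on the ESXi node, not through vCenter.
        $conn = Connect-VIServer -Server $esxName.Trim() -Credential $rootCred -ErrorAction Stop

        $account = Get-VMHostAccount -Server $conn -User -Id $userName -ErrorAction SilentlyContinue
        if (-not $account) {
            # No -GrantShellAccess (assumption: monitoring only needs API access).
            New-VMHostAccount -Server $conn -Id $userName `
                -Password $newCred.GetNetworkCredential().Password `
                -Description 'Monitoring, read-only' -ErrorAction Stop | Out-Null
            $actions += 'account created'
        }

        # Resolve the root folder from this connection rather than a fixed name.
        $rootView = Get-View -Server $conn -Id $conn.ExtensionData.Content.RootFolder
        $root = Get-Folder -Name $rootView.Name -Server $conn

        $perm = Get-VIPermission -Entity $root -Principal $userName -Server $conn `
            -ErrorAction SilentlyContinue
        if (-not $perm) {
            New-VIPermission -Entity $root -Principal $userName -Role readonly `
                -Server $conn -ErrorAction Stop | Out-Null
            $actions += 'permission added'
        }
        $status = if ($actions) { $actions -join ', ' } else { 'no change' }
    }
    catch {
        $status = "FAILED: $($_.Exception.Message)"
    }
    finally {
        if ($conn) { Disconnect-VIServer -Server $conn -Confirm:$false }
    }
    [pscustomobject]@{ Host = $esxName.Trim(); Status = $status }
}

# One row per host, so hosts that were skipped or failed are visible.
$results | Format-Table -AutoSize
```

The per-host status table makes a silent no-op, like the empty loop earlier in the thread, visible at a glance.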



  • 12.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Aug 09, 2023 11:46 AM

    Does this script work for ESXi 7? I am receiving an error for the folder ha-folder-root.

     

    Error : Folder with name 'ha-folder-root' was not found using the specified filter(s).



  • 13.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Aug 09, 2023 12:08 PM

    Are you connected to the ESXi node or to the vCenter?
    That folder is only available when connected to the ESXi node.



  • 14.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Aug 09, 2023 12:09 PM

    I connected to vCenter. In ESXi 7 it's the root folder. I just changed the folder name and it worked. Thank you so much, I really appreciate your help.



  • 15.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Aug 09, 2023 12:08 PM

    I figured it out. Thank you, it saved my day.



  • 16.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Apr 24, 2021 07:39 AM

    Hi Lucd

     

    When I try to pass the value through arguments to the below script, it displays an error.

    param ( $rootUser, $rootPswd,$userName,$Pswd,$esx)
    Connect-VIServer -Server $esx -User $rootUser -Password $rootPswd > $null
    $perm = Get-VIPermission -Principal $userName -Server $esx
    if(!$perm){
        $root = Get-Folder -Name ha-folder-root -Server $esx
        New-VIPermission -Entity $root -Principal $userName -Role Admi -Server $esx
    }
    Disconnect-VIServer -Server $esx -Confirm:$false

     

    Could you please help me?



  • 17.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Apr 24, 2021 07:45 AM

    Which error?



  • 18.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Jul 20, 2020 02:08 PM

    I need to use hosts from a TXT file; also, all hosts have different admin accounts. So it would take the admin user and password saved in the same file.



  • 19.  RE: Create a PowerCLI script to create a local User account on each Host in vCenter

    Posted Apr 26, 2021 07:27 AM

    $rootFolderObj = Get-View -id $global:DefaultVIServer.ExtensionData.Content.RootFolder
    $root = Get-Folder -Name $rootFolderObj.Name -Server $esx.Name
    New-VIPermission -Entity $root -Principal $userName -Role readonly -Server $esx.Name