PowerCLI

Hello community,

I have this committment

Enviroment : Multiple vcenters from 4.1 to 6.5

Requests:

• Create 2 new host users
• Give them a custom UID and GID
• Assign them the Administrator role
• Shell access

Until now i know i can create users on multiple hosts by  New-VMHostAccount using PowerCli, i can change UID with ssh command /usr/lib/vmware/auth/bin/chuid and assign them to Administrator role via vsphere client.

Seems there is no way to do all of it using only PowerCli and seems there is no way at all to change the GID for 5.1 and above.

Please, prove me i am wrong (i am sure i am...)

Thanks

Fabio

You are right, local groups are abolished since 5.1.

You can give a new user the required rights by using the role.

Note that you need to connect to the ESXi node to use New-VMHostAccount for ESXi users.

Also note that the root folder has been having different names in different ESXi versions (in 6.7 it is 'root').
Doing this for 2 user accounts is trivial I assume.

Thanks LucD, is there a way to integrate the UID assignment or do i have to treat it as a different task?

Fabio

No, not with the PowerCLI cmdlet, nor with any of the ESXi commands (like esxcli, vicfg-user...).
The concept of a uid for an ESXi user is abandoned after ESXi 5.1 afaik.

You can go in the /etc/passwd file and change the value there, but I suspect it has no use and might be overwritten after a reboot.

Hello LucD

I managed to run it for multiple hosts, of for user create but i still have issues for role assignment

This is what i'm using right now

$esxSrv="HOST2","HOST2"

Foreach ($esxSrv In $esxSrv)

{

Connect-VIServer -Server $esxSrv -User root -Password @@@@

$user = New-VMHostAccount -Server $esxSrv -Id testuser2 -Password VMware1! -UserAccount -GrantShellAccess

$rootFolder = Get-Folder -Name root -Server $esxSrv

$role = Get-VIRole -Name Admin -Server $esxSrv

New-VIPermission -Role Admin -Principal testuser2 -Entity $rootFolder

Disconnect-VIServer -Server $esxSrv -Confirm:$false

}

I have this error

I tried using the ha-folder-root as root folder  but i got this instead

Checked with Get-ViAccount and i get

What am i missing?

Thanks :smileyhappy:

When you are connected to an ESXi node, you need to give the permission on the 'root' folder.

But they changed the name of the 'root' folder in recent ESXi versions.

It could be 'ha-root-folder' instead of 'root'.

Connect to an ESXi node and do a Get-Folder, you should see what the name is in the ESXi version you are using.

I already tried it, maybe you missed in the other post, this single command's output.

I think i am missing some stupid thing, i am sorry but my powercli expertise is quite low

Can you show the output of the Get-Folder cmdlet, not the Get-VIAccount?

Sure

As I tried to explain before, the name of the 'root' folder has changed in the different ESXi versions.

In your case you will need to use ha-root-folder instead of root.

The script should be

Sorry LucD, but is exactly what i did if you look at the screens :smileyhappy:

It looks like you are connected to multiple servers.

Check what is in $global:defaultVIServers, and make sure there are no connections open before you run the script.

Maybe something in the syntax?

New-VIPermission -Entity ha-folder-root -Role Admin -Principal testuser

No, you are not doing what I provided.
You have to get the folder in a variable and the role as well.