Automation

 View Only
  • 1.  How to change a non root account on multiple esx 4 hosts

    Posted Jan 03, 2012 02:56 PM

    We currently use the below script to change the root password but we need one  to change a non root account that does not have access the same way root does.

    So if this script could be changed to log into each server with root and then change a non root account's password that would be helpfull.

    Any help would be appreciated.

    -Steve

    #
    # This script changes the root password on all ESX hosts in the esxservers.txt textfile
    #

    # Add VI-toolkit #
    Add-PSsnapin VMware.VimAutomation.Core
    Initialize-VIToolkitEnvironment.ps1

    # Get old root credential
    $oldrootPassword = Read-Host "Enter old root password" -AsSecureString
    $oldrootCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist "root",$oldrootPassword

    # Get new root credential
    $newrootPassword = Read-Host "Enter new root password" -AsSecureString
    $newrootCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist "root",$newrootPassword
    $newrootPassword2 = Read-Host "Retype new root password" -AsSecureString
    $newrootCredential2 = new-object -typename System.Management.Automation.PSCredential -argumentlist "root",$newrootPassword2
    $WarningPreference = "SilentlyContinue"

    # Compare passwords
    If ($newrootCredential.GetNetworkCredential().Password -ceq $newrootCredential2.GetNetworkCredential().Password) {

        # Create new root account object
        $rootaccount = New-Object VMware.Vim.HostPosixAccountSpec
        $rootaccount.id = "root"
        $rootaccount.password = $newrootCredential.GetNetworkCredential().Password
        $rootaccount.shellAccess = "/bin/bash"

        # Get list of Host servers from textfile to change root password on
        Get-Content esxservers.txt | %{
            Connect-VIServer $_ -User root -Password $oldrootCredential.GetNetworkCredential().Password -ErrorAction SilentlyContinue -ErrorVariable ConnectError | Out-Null
            If ($ConnectError -ne $Null) {
                Write-Host "ERROR: Failed to connect to ESX server:" $_
            }
            Else {
                $si = Get-View ServiceInstance
                $acctMgr = Get-View -Id $si.content.accountManager
                $acctMgr.UpdateUser($rootaccount)
                Write-Host "Root password successfully changed on" $_
                Disconnect-VIServer -Confirm:$False | Out-Null
            }
        }
    }
    Else {
    Write-Host "ERROR: New root passwords do not match. Exiting..."
    }



  • 2.  RE: How to change a non root account on multiple esx 4 hosts

    Posted Jan 03, 2012 03:33 PM

    Can't you just use the same script ?

    Just add a prompt for the account you want to change the password for and create the PSCredential object for this account instead of for the root account.

    Then you connect as root to each ESX(i) server and use the UpdateUser method (as the script does).



  • 3.  RE: How to change a non root account on multiple esx 4 hosts

    Posted Jan 03, 2012 03:48 PM

    I know we should be able to do it but I am not scripting knowledgeable.

    I was hoping for specifics for a noob.

    -Thanks

    Steve



  • 4.  RE: How to change a non root account on multiple esx 4 hosts
    Best Answer

    Posted Jan 03, 2012 04:04 PM

    Try something like this.

    It will first prompt for the root password of the ESX(i) servers.

    Then the name of the account, followed by the 2 times the new password

    #
    # This script changes the password of an account on all ESX hosts in the esxservers.txt textfile
    # # Add VI-toolkit
    #
    Add-PSsnapin VMware.VimAutomation.Core
    Initialize-VIToolkitEnvironment.ps1 # Get root password
    $rootPassword = Read-Host "Enter root password" -AsSecureString
    $rootCredential
    = new-object -typename System.Management.Automation.PSCredential -argumentlist "root",$rootPassword # Get account to change
    $account = Read-Host "Enter account"
    # Get new account credential
    $newaccountPassword = Read-Host "Enter new password" -AsSecureString
    $newaccountCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist $account,$newaccountPassword
    $newaccountPassword2 = Read-Host "Retype new password" -AsSecureString
    $newaccountCredential2 = new-object -typename System.Management.Automation.PSCredential -argumentlist $account,$newaccountPassword2
    $WarningPreference = "SilentlyContinue" # Compare passwords
    If ($newaccountCredential.GetNetworkCredential().Password -ceq $newaccountCredential2.GetNetworkCredential().Password) {     # Create new root account object
        $accountSpec = New-Object VMware.Vim.HostPosixAccountSpec
        $accountSpec.id = $account
        $accountSpec.password = $newaccountCredential.GetNetworkCredential().Password     $accountSpec.shellAccess = "/bin/bash"     # Get list of Host servers from textfile to change account password on
        Get-Content esxservers.txt | %{         Connect-VIServer $_ -User root -Password $rootCredential.GetNetworkCredential().Password -ErrorAction SilentlyContinue -ErrorVariable ConnectError | Out-Null
            If ($ConnectError -ne $Null) {             Write-Host "ERROR: Failed to connect to ESX server:" $_
            }        
    Else {             $si = Get-View ServiceInstance
                $acctMgr = Get-View -Id $si.content.accountManager             $acctMgr.UpdateUser($accountSpec)             Write-Host "$account password successfully changed on" $_
               
    Disconnect-VIServer -Confirm:$False | Out-Null
            }     } } Else { Write-Host "ERROR: New $account passwords do not match. Exiting..."
    }


  • 5.  RE: How to change a non root account on multiple esx 4 hosts

    Posted Jan 03, 2012 06:07 PM

    I get this

    cid:image001.png@01CCCA18.648E8770

    Thank you,

    Steve



  • 6.  RE: How to change a non root account on multiple esx 4 hosts

    Posted Jan 03, 2012 06:09 PM

    My mistake, there was a typo in the script.

    I just corrected it, please try again.



  • 7.  RE: How to change a non root account on multiple esx 4 hosts

    Posted Jan 03, 2012 06:17 PM

    That did the trick.

    Thank you very much

    -Steve



  • 8.  RE: How to change a non root account on multiple esx 4 hosts

    Posted Sep 07, 2012 07:17 AM

    keep getting this error:

    Get-View : Cannot validate argument on parameter 'Id'. The argument is null or empty. Supply an argument tha
    t is not null or empty and then try the command again.
    At C:\Users\abcd\AppData\Local\Temp\3\166aa7dd-60b2-4d0a-b9cb-90e1ba711d68.ps1:33 char:27
    +             $acctMgr = Get-View -Id <<<<  $si.content.accountManager
        + CategoryInfo          : InvalidData: (:) [Get-View], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands
       .DotNetInterop.GetVIView

    using powercli 5.0

    what could be the problem. any help appreciated. thanks.