How to list local vCenter users and groups [vCenter 6.7 and 8]

Back to discussions

Expand all | Collapse all

How to list local vCenter users and groups [vCenter 6.7 and 8]

aenagy23 days ago

I need to export and import local vCenter SSO, e.g. "vsphere.local", users and groups. Using the built-in ...

aenagy23 days ago

I did discover that Get-VIAccount will export users and groups from the local OS and SSO domain (vsphere.local). ...

1. How to list local vCenter users and groups [vCenter 6.7 and 8]

Recommend

aenagy

Posted 23 days ago

I need to export and import local vCenter SSO, e.g. "vsphere.local", users and groups. Using the built-in object explorer in vCenter 8 I found "Managed Object Type: ManagedObjectReference:UserDirectory" at https://myvCenter/mob/?moid=UserDirectory and tried the method RetrieveUserGroups with the following inputs:

domain (optional)	string
searchStr (required)	string	*
belongsToGroup (optional)	string
belongsToUser (optional)	string
exactMatch (required)	boolean	false
findUsers (required)	boolean	true
findGroups (required)	boolean	true

... and got the following output:

name	string	Return value
val	UserSearchResult[]

I wanted to use the object explorer to figure out how to use PowerCLI to retreive the local users and groups. I tried using another script (https://community.broadcom.com/vmware-cloud-foundation/discussion/how-do-i-create-a-report-on-vcenter-permissions-via-powercli) as inspiration for this:

PS C:\> $si = Get-View ServiceInstance -Server $global:DefaultVIServer

PS C:\> $UserDirectory = Get-View -Id $si.Content.UserDirectory-Server $global:DefaultVIServer

PS C:\> $UserDirectory.RetrieveUserGroups

OverloadDefinitions

-------------------

VMware.Vim.UserSearchResult[] RetrieveUserGroups(string domain, string searchStr, string belongsToGroup, string belongsToUser, bool exactMatch, bool findUsers, bool findGroups)

PS C:\> $UserDirectory.RetrieveUserGroups()

Cannot find an overload for "RetrieveUserGroups" and the argument count: "0".

At line:1 char:1

+ $UserDirectory.RetrieveUserGroups()

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [], MethodException

+ FullyQualifiedErrorId : MethodCountCouldNotFindBest

PS C:\> $UserDirectory.RetrieveUserGroups( "" , "*" , "" , "" , "false" , "true" , "true" )

Exception calling "RetrieveUserGroups" with "7" argument(s): "The object or item referred to could not be found."

At line:1 char:1

+ $UserDirectory.RetrieveUserGroups( "" , "*" , "" , "" , "false" , "tr ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException

+ FullyQualifiedErrorId : VimException

PS C:\>

How to I get a list of vCenter local users and groups using PowerCLI?

My next question will be how to create these users and groups on another vCenter instance but that's for another post.

2. RE: How to list local vCenter users and groups [vCenter 6.7 and 8]

Recommend

aenagy

Posted 23 days ago

I did discover that Get-VIAccount will export users and groups from the local OS and SSO domain (vsphere.local). However, I'm still curious to get the previously posted code above working.

Original Message

Original Message:
Sent: Feb 19, 2025 05:22 PM
From: aenagy
Subject: How to list local vCenter users and groups [vCenter 6.7 and 8]

I need to export and import local vCenter SSO, e.g. "vsphere.local", users and groups. Using the built-in object explorer in vCenter 8 I found "Managed Object Type: ManagedObjectReference:UserDirectory" at https://myvCenter/mob/?moid=UserDirectory and tried the method RetrieveUserGroups with the following inputs:

domain (optional)	string
searchStr (required)	string	*
belongsToGroup (optional)	string
belongsToUser (optional)	string
exactMatch (required)	boolean	false
findUsers (required)	boolean	true
findGroups (required)	boolean	true

... and got the following output:

name	string	Return value
val	UserSearchResult[]

I wanted to use the object explorer to figure out how to use PowerCLI to retreive the local users and groups. I tried using another script (https://community.broadcom.com/vmware-cloud-foundation/discussion/how-do-i-create-a-report-on-vcenter-permissions-via-powercli) as inspiration for this:

PS C:\> $si = Get-View ServiceInstance -Server $global:DefaultVIServer

PS C:\> $UserDirectory = Get-View -Id $si.Content.UserDirectory-Server $global:DefaultVIServer

PS C:\> $UserDirectory.RetrieveUserGroups

OverloadDefinitions

-------------------

VMware.Vim.UserSearchResult[] RetrieveUserGroups(string domain, string searchStr, string belongsToGroup, string belongsToUser, bool exactMatch, bool findUsers, bool findGroups)

PS C:\> $UserDirectory.RetrieveUserGroups()

Cannot find an overload for "RetrieveUserGroups" and the argument count: "0".

At line:1 char:1

+ $UserDirectory.RetrieveUserGroups()

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [], MethodException

+ FullyQualifiedErrorId : MethodCountCouldNotFindBest

PS C:\> $UserDirectory.RetrieveUserGroups( "" , "*" , "" , "" , "false" , "true" , "true" )

Exception calling "RetrieveUserGroups" with "7" argument(s): "The object or item referred to could not be found."

At line:1 char:1

+ $UserDirectory.RetrieveUserGroups( "" , "*" , "" , "" , "false" , "tr ...

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException

+ FullyQualifiedErrorId : VimException

PS C:\>

How to I get a list of vCenter local users and groups using PowerCLI?

My next question will be how to create these users and groups on another vCenter instance but that's for another post.