Same error message. I've submitted a bug report. Thanks for your help.
Original Message:
Sent: Nov 22, 2024 05:28 PM
From: LucD
Subject: Manage local Users/Groups
The module is available in the PS Gallery, can you try with a regular Install-Module?
I noticed that in the recent KB380214 that PSv5.1 is not mentioned anymore.
------------------------------
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Original Message:
Sent: Nov 22, 2024 04:15 PM
From: dbutch1976
Subject: Manage local Users/Groups
Hi LucD,
I'm having an issue with the VMware.vSphere.SsoAdmin module. I believe I have it loaded correctly and have the pre-reqs:
PSVersion 5.1.22621.4391
VMware.PowerCLI 13.3.0 build 24145081
I did the following:
#download Open Source PowerCLI Module for managing vCenter Single Sign-On (SSO) from https://github.com/vmware/PowerCLI-Example-Scripts
#unzip and import the module:
cd C:\Users\user1\Documents\WindowsPowerShell\Modules\VMware.vSphere.SsoAdmin\
dir C:\Users\user1\Documents\WindowsPowerShell\Modules\VMware.vSphere.SsoAdmin* | Unblock-File
Import-Module ./VMware.vSphere.SsoAdmin.psd1
#runas administrator
Install-Module VMware.vSphere.SsoAdmin -Scope AllUsers
It looks to be installed correctly:
Get-Module:
ModuleType Version Name ExportedCommands
Script 1.0.0.0 ISE {Get-IseSnippet, Import-IseSnippet, New-IseSnippet}
Manifest 3.1.0.0 Microsoft.PowerShell.Management {Add-Computer, Add-Content, Checkpoint-Computer, Clear-Content...}
Manifest 3.0.0.0 Microsoft.PowerShell.Security {ConvertFrom-SecureString, ConvertTo-SecureString, Get-Acl, Get-AuthenticodeSignature...} Manifest 3.1.0.0 Microsoft.PowerShell.Utility {Add-Member, Add-Type, Clear-Variable, Compare-Object...} Script 1.4.8.1 PackageManagement {Find-Package, Find-PackageProvider, Get-Package, Get-PackageProvider...}
Script 2.2.5 PowerShellGet {Find-Command, Find-DscResource, Find-Module, Find-RoleCapability...}
Script 13.3.0.... VMware.VimAutomation.Common {Get-PowerCLIContext, Get-Task, New-OAuthSecurityContext, Stop-Task...}
Script 13.3.0.... VMware.VimAutomation.Sdk {Get-ErrorReport, EnableParameterCompleters, Get-InstallPath, Get-PSVersion}
Script 1.3.9 VMware.vSphere.SsoAdmin {Add-GroupToSsoGroup, Add-LDAPIdentitySource, Add-UserToSsoGroup, Connect-SsoAdminServer...}
When I attempt to use the Connect-SsoAdminServer -Server $viserver -credential $cred -SkipCertificateCheck I get:
Cannot find the type for custom attribute 'VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute'. Make sure that the assembly that contains this type is loaded.
At C:\Users\dbutc\Documents\WindowsPowerShell\Modules\VMware.vSphere.SsoAdmin\Connect.ps1:63 char:9
+ [VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: ([VMware.vSphere...ionAttribute()]:AttributeAst) [], RuntimeException
+ FullyQualifiedErrorId : CustomAttributeTypeNotFound
However, when I do the exact same thing in Powershell7 it's working. Any idea why it's not working for me in PowerShell ISE? None of the commands from this module appear to be working.
Original Message:
Sent: Nov 22, 2024 03:19 AM
From: LucD
Subject: Manage local Users/Groups
You can just pipe the output to an Export-Csv
Get-Folder -Type VM -PipelineVariable folder |Get-VIPermission |ForEach-Object -Process { $obj = [ordered]@{ Folder = $folder.Name Principal = $_.Principal Propagate = $_.Propagate Group = $_.IsGroup Members = 'na' } $pDomain, $pName = $_.Principal.Split('\') if ($_.IsGroup -and $pDomain -match "^$($ssoDomain)") { $group = Get-SsoGroup -Name $pName -Server $ssoSrv -Domain $pDomain if ($group){ $members = Get-SsoPersonUser -Group $group $obj.Members = $members.Name -join ',' } } New-Object -TypeName PSobject -Property $obj} | Export-Csv -Path .\report.csv -NoTypeInformation -UseCulture
------------------------------
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Original Message:
Sent: Nov 22, 2024 03:03 AM
From: the1960
Subject: Manage local Users/Groups
Hi Luc,
Perfect. But how can I export this to a csv?
Br
Original Message:
Sent: Nov 21, 2024 12:21 PM
From: LucD
Subject: Manage local Users/Groups
You can try something like this
$vcsa = 'vcsa8.local.lab'$viUser = 'administrator@vsphere.local'$viPswd = 'VMware1!'$ssoUser = 'administrator@vsphere.local'$ssoPswd = 'VMware1!'$ssoDomain = $ssoUser.Split('@')[1] # It assumes the SSO admin is in the SSO domainConnect-VIServer -Server $vcsa -User $viUser -Password $viPswd$ssoSrv = Connect-SsoAdminServer -Server $vcsa -User $ssoUser -Password $ssoPswd -SkipCertificateCheckGet-Folder -Type VM -PipelineVariable folder |Get-VIPermission |ForEach-Object -Process { $obj = [ordered]@{ Folder = $folder.Name Principal = $_.Principal Propagate = $_.Propagate Group = $_.IsGroup Members = 'na' } $pDomain, $pName = $_.Principal.Split('\') if ($_.IsGroup -and $pDomain -match "^$($ssoDomain)") { $group = Get-SsoGroup -Name $pName -Server $ssoSrv -Domain $pDomain if ($group){ $members = Get-SsoPersonUser -Group $group $obj.Members = $members.Name -join ',' } } New-Object -TypeName PSobject -Property $obj}Disconnect-SsoAdminServer -Server $vcsaDisconnect-VIServer -Server $vcsa -Confirm:$false
------------------------------
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Original Message:
Sent: Nov 21, 2024 11:06 AM
From: the1960
Subject: Manage local Users/Groups
Thank you for your quick response.
- It's just VM & template folder
- It's the standard vsphere.local domain
- There's no AD connection, just local groups and users
The managing users and groups on the vCenter is a disaster. Practically impossible.
Or is there an internal way to manage the groups and their users on the vCenter?
Thanks
Original Message:
Sent: Nov 21, 2024 10:36 AM
From: LucD
Subject: Manage local Users/Groups
You will have to do a Connect-SsoAdminServer before you can use any of the cmdlets in the module.
You will also have to specify the domain in most of the cmdlets.
Your new request to list permissions for folders needs a bit more information.
Are these VM & Template folders or Host & Cluster folders?
When you talk about local groups do you mean groups in the SSO domain, i.e. the default vsphere.local domain?
On a side note, the localos domain doesn't allow groups
For groups in an AD domain you will have to use AD cmdlets to retrieve the members of a group.
------------------------------
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Original Message:
Sent: Nov 21, 2024 09:01 AM
From: the1960
Subject: Manage local Users/Groups
Hi LucD,
Thanks for Info.
I tried the following script, but the csv file is empty. I debugged it but the variables are empty. But there is no error message.
$users = Get-SsoPersonUser
$groups = Get-SsoGroup
# Ergebnisse ausgeben
Write-Host "Users in vCenter:"
$users | ForEach-Object {
Write-Host "Name: $($_.Name), DisplayName: $($_.DisplayName), Email: $($_.Email)"
}
Write-Host "`nGroups in vCenter:"
$groups | ForEach-Object {
Write-Host "Name: $($_.Name), Description: $($_.Description)"
}
# Optional:
$users | Select-Object Name, DisplayName, Email | Export-Csv -Path $outputFileUsers -NoTypeInformation -Encoding UTF8 -Delimiter ';'
$groups | Select-Object Name, Description | Export-Csv -Path $outputFileGroup -NoTypeInformation -Encoding UTF8 -Delimiter ';'
I need a script that lists the VM folders with the group permissions and the users contained therein.
Original Message:
Sent: Nov 21, 2024 04:04 AM
From: Luc Dekens
Subject: Manage local Users/Groups
Have you looked at the VMware.vSphere.SsoAdmin module, more specifically the Get-SsoPersonUser cmdlet?
------------------------------
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Original Message:
Sent: Nov 21, 2024 02:57 AM
From: the1960
Subject: Manage local Users/Groups
I am looking for a script that lists all groups from vCenter 8.0 with their members and exports them to a csv file.
What is the best way to manage local users and groups? The handling is very cumbersome ;-)