Automation

 View Only
  • 1.  Script to assign groups to different Resourcepools and Folders

    Posted Nov 08, 2022 08:01 AM

    Hi, i am working on a script that automatically generates a Resourcepool, nested Folders and a Group from a json input. How do i add that group with a specified permission to the Resourepool and the folder structure?

    The script needs to work on multiple servers, so i can't really work with hardcoded IDs. They would be different on another server
    The Role always uses the same name on each server, so i think i will have to work with that

    Assaro_Delamar_0-1667894384854.png



  • 2.  RE: Script to assign groups to different Resourcepools and Folders

    Posted Nov 08, 2022 08:54 AM

    Not sure what the actual question is (without seeing the code you already have).
    Basically, you will need to use the New-VIPermission cmdlet.



  • 3.  RE: Script to assign groups to different Resourcepools and Folders

    Posted Nov 08, 2022 09:26 AM

    I tried using New-VIPermission, but i get an error saying that my principal is wrong.
    Here is my Code:

    $roleName = "Customer-Rights-RessourcesFolders"
    $name = "43652114_MustermannIT"
    
    $resourcePool = Get-ResourcePool $name -Server $settings.vCenter
    $role = Get-VIRole -Name $roleName -Server $settings.vCenter
    $group = Get-VIAccount -Name $name -Group -Server $settings.vCenter
    New-VIPermission -Role $role -Entity $resourcePool -Principal $group -Propagate $true -Server $settings.vCenter

     



  • 4.  RE: Script to assign groups to different Resourcepools and Folders

    Posted Nov 08, 2022 09:55 AM

    Did Get-VIAccount return anything?
    And what exactly is the error message?



  • 5.  RE: Script to assign groups to different Resourcepools and Folders

    Posted Nov 08, 2022 09:58 AM
    New-VIPermission : Die Argumenttransformation für den Parameter "Principal" kann nicht verarbeitet werden. Der
    Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
    In C:\scripts\check_folder.ps1:51 Zeichen:83
    + ... ssion -Role $usedRole -Entity $resourcePool -Principal $group -Propag ...
    +                                                            ~~~~~~
        + CategoryInfo          : InvalidData: (:) [New-VIPermission], ParameterBindingArgumentTransformationException
        + FullyQualifiedErrorId : ParameterArgumentTransformationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Permis
       sionManagement.NewVIPermission

    This is the error message. Get-VIAccount doesn't seem to return anything



  • 6.  RE: Script to assign groups to different Resourcepools and Folders

    Posted Nov 08, 2022 10:03 AM

    Is that value in $Name an account the vsphere.local domain or in the AD domain?

    Can you try with the format $name = 'account@vsphere.local.
    And if it is an AD account with $name = 'account@domain'



  • 7.  RE: Script to assign groups to different Resourcepools and Folders

    Posted Nov 08, 2022 10:06 AM

    I think i know where i went wrong. It is not an account, it is only a group that i want to assign. So i think i need another cmdlet for that



  • 8.  RE: Script to assign groups to different Resourcepools and Folders
    Best Answer

    Posted Nov 08, 2022 11:00 AM

    No, you can retrieve groups as well.
    This works for me (retrieves an AD group)

    Get-VIAccount -id <GroupName> -Domain <NetBIOS DomainName> -Group


  • 9.  RE: Script to assign groups to different Resourcepools and Folders

    Posted Nov 08, 2022 11:44 AM

    That worked. Thank you for your help. I got it now