PowerCLI

 View Only

  • 1.  Script to Create vCenter Accounts

    Posted Jul 26, 2019 12:33 PM

    Hi,

    I've been searching for a while but I haven't yet come across a way to automate creation of vCenter accounts.

    We manage 10-15 vCenters and the user creation process is incredibly time consuming (i.e. if a new admin starts and needs access to all VC's).

    Has anyone been able to automate this?

    Thanks,

    David



  • 2.  RE: Script to Create vCenter Accounts

    Posted Jul 26, 2019 01:09 PM

    I assume you mean accounts in the SSO domain?
    If yes, afaik there are no public API to do this. And no PowerCLI cmdlets.

    The closest I have come is to use the dir-cli command.

    See https://communities.vmware.com/message/2696400#2696400, which includes a link to Wiliam's post on dir-cli.

    And use a SSH session to the PSC (or VCSA if the PSC is embedded) to run the dir-cli command.

    On the SSH subject, see Use Posh-SSH instead of PuTTY



  • 3.  RE: Script to Create vCenter Accounts

    Posted Jul 26, 2019 01:25 PM

    Hi,

    Yeah I mean SSO users.

    I'll have a look at those links, thanks.



  • 4.  RE: Script to Create vCenter Accounts

    Posted Jul 26, 2019 03:20 PM

    So those articles have got me down the right path, but I'm stuck...

    When I use Posh-SSH to connect to the VCSA, I can't find a way to enter the "shell" command followed by the dir-cli user create command.



  • 5.  RE: Script to Create vCenter Accounts
    Best Answer

    Posted Jul 26, 2019 05:44 PM

    It's a bit more complicated than the simple example I gave.

    With a 'regular' SSH session there is no TTY connected to your session, hence the problem of entering the 'shell' command.

    You can force a TTY by opening a shell stream.

    $vcsa = 'vcsa.domain'

    $user = 'root'

    $pswd = 'VMware1!'


    $secPswd = ConvertTo-SecureString $pswd -AsPlainText -Force

    $cred = New-Object System.Management.Automation.PSCredential ($user, $secPswd)


    $newUser = 'lucd'

    $newPswd = 'VMware1!'

    $newFirst = 'Luc'

    $newLast = 'D'


    $createUser = @'

    /usr/lib/vmware-vmafd/bin/dir-cli user create --account $newUser --first-name $newFirst --last-name $newLast --user-password '$newPswd' --password '$pswd'

    '@


    $createUser = $ExecutionContext.InvokeCommand.ExpandString($createUser)


    $session = New-SSHSession -ComputerName $vcsa -Credential $cred –AcceptKey

    $stream = New-SSHShellStream -SSHSession $session -TerminalName tty

    $stream.WriteLine('shell')

    while ($stream.Length -ne 0)

    {

       $stream.Read()

    }


    $stream.WriteLine($createUser)

    while ($stream.Read() -notmatch 'created successfully')

    {

      sleep 2

    }

    while ($stream.Length -ne 0)

    {

       $stream.Read()

    }

    $stream.Close()

    Remove-SSHSession -SSHSession $session | Out-Null

    ---------------------------------------------------------------------------------------------------------

    Was it helpful? Let us know by completing this short survey here.



  • 6.  RE: Script to Create vCenter Accounts

    Posted Jul 30, 2019 12:01 PM

    Hi Lucd,

    Big thanks for that - with some tweaking I've come up with something that saves us a lot of time.

    I thought it would be possible through PowerCLI but this is definitely workable.

    Thanks,

    David



  • 7.  RE: Script to Create vCenter Accounts

    Posted Jul 26, 2019 05:45 PM

    I'll add a new post on this in my Dives section on my blog.