PowerCLI

I'm trying to find a script that will capture our vSphere vCenter Roles and Permissions hierarchy. I thought I'd found the ideal thing at:

http://www.virtu-al.net/2009/06/15/vsphere-permissions-export-import-part-1

But I'm having real problems getting this working. I'm getting the same form of errors as other users on that site

The script runs okay, but I get continual errors along the lines of:

"You cannot call a method on a null-valued expression.

At C:\tmp\ExportRoles.ps1:85 char:22

$node.AppendChild( <<<< $tmp)"

"You cannot call a method on a null-valued expression.

At C:\tmp\ExportRoles.ps1:85 char:23

$node.SetAttribute( <<<< $name, $value)"

"You cannot call a method on a null-valued expression.

At C:\tmp\ExportRoles.ps1:85 char:44

$tmp = $global:vInventory.CreateElement( <<<< $nodeName)"

That loops for a while then I get errors like:

"Exception calling "AppendChild" with "1" argument(s): "Object reference not set to an instance of an object."

At C:\tmp\ExportRoles.ps1:81 char:22

$node.AppendChild( <<<< $tmp)

When carrying out the fix as mentioned by one of the users about changing the 'global' part, I get the same erros but with a new one thrown in:

"Exception calling "CreateElement" with "1" argument(s): "The local name for elements or attributes cannot be null or an empty string."

At C:\tmp\ExportRoles.ps1:80 char:37

$tmp = $vInventory.CreateElement( <<<< $nodeName)

The script is creating the xml file populated with the descriptors, it's just not populating it with any of my roles or permissions. I have removed most of the stock roles and created new roles from scratch.

I'm using vCenter 4.0U1 build 208111 and the PowerCli 4.0.1-208462

Any ideas? Or can people point me somewhere else for a script that'll capture this. I especially like the fact it's been pumped out to XML as my intention is to use this as part of the automated build process for our environment. I'm fairly green to Powershell, I copied that script verbatim so if there's something noddy I should be doing please shout. I'm assuming it's not enumarting the values from the AuthorizationManager, but I don't know where to insert a 'Write-Host' step to output the value to a screen to check where it's falling over so again any help with this would be appreciated.

Cheers folks.

That is one of my old script that apparently had some problems in PowerShell v2.

Attached a new version.

Can you check if it works for you ?

____________

Blog: LucD notes

Twitter: lucd22

You Sir, are what's commonly known in the business as a 'Star'.

Thanks for taking the time to look at this and thanks for writing such a great script.

Do you happen to have an updated copy of the import script too?  This updated export script worked like a champ but the import script is giving me errors. 

Thanks,

- Ben

---------------------------------------------------------------------

Thanks again Luc!  The export works perfect.  I added a check to the Get-Roles function to leave out the sample roles.

foreach($role in $authMgr.roleList){
      if ($role.name -notmatch "sample"){
          $ret = New-Object PSObject
          $ret | Add-Member -Type noteproperty -Name “Name” -Value $role.name
          $ret | Add-Member -Type noteproperty -Name “Label” -Value $role.info.label
          $ret | Add-Member -Type noteproperty -Name “Summary” -Value $role.info.summary
          $ret | Add-Member -Type noteproperty -Name “RoleId” -Value $role.roleId
          $ret | Add-Member -Type noteproperty -Name “System” -Value $role.system
          $ret | Add-Member -Type noteproperty -Name “Privilege” -Value $role.privilege
          $report += $ret
        }
    }

Old thread but wasn't finding anything else out there on it.

Tried this script against a stand-alone ESXi 5 host, had to make this change:

    $authMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager

Replace the line in Get-Roles (ln 4) and Get-Permissions (ln 27).

Also noticed that it didn't like saving to the root of my C drive on W7, altered the save line to c:\temp.

Thanks for a nice script!