YES.
The command I used without the Set-AdvancedSetting
Get-VMHost <hostname> | Get-AdvancedSetting -Name Config.HostAgent.plugins.hostsvc.esxAdminsGroup
Is returning the value that is configured. I can also confirm this AD group is configured by looking at advanced system settings in my vCenter. Again I am cutting off part of the name of the AD group for security reasons.
Its just not getting pushed to the host permission for whatever reason. Hence my confusion.
Original Message:
Sent: Nov 08, 2024 11:11 AM
From: LucD
Subject: Setting host permissions on domain joined hosts
Not sure what you did, but did you do the Set-AdvancedSetting at the end?
------------------------------
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Original Message:
Sent: Nov 08, 2024 10:09 AM
From: mtrohde
Subject: Setting host permissions on domain joined hosts
NOPE.
Original Message:
Sent: Nov 08, 2024 09:35 AM
From: LucD
Subject: Setting host permissions on domain joined hosts
Isn't step 14 in Configure Multiple Security Settings on the ESXi Hosts by Using PowerCLI doing most of that?
------------------------------
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Original Message:
Sent: Nov 08, 2024 09:16 AM
From: mtrohde
Subject: Setting host permissions on domain joined hosts
Hello All,
For hosts I need to configure an AD group as an Admin on my hosts, configure another group as ReadOnly and remove Domain\ESX Admins.
Googling has failed to come up with anything useful. Setting Config.HostAgent.plugins.hostsvc.esxAdminsGroup does not add my new domain group and even if it did it doesn't deal with other two asks.
Someone has to have come up with a script for this since that VUL dropped about esxAdminsGroup.
Michael