Six Million Ways To…

vCenter : Add permissions

by Axel, September 28, 2017

This time, I just wanted to troubleshoot an issue with a script that is supposed to set permissions on vCenter.

The initial idea was to set permissions at the vCenter level and propagate them to the child objects.

Note that in order to use this script you will need to know the NetBIOS name of your domain. Because someone asked me: no, you cannot guess the NetBIOS name of an Active Directory domain just by looking at its full name. A system administrator should help you.

I wrote this :

clear

#region Functions

# Grants $Role to $ADGroup on the vCenter root folder and propagates it to all child objects.
function AssignPermissionToGroup()
{
    param(
        [parameter(mandatory=$true)]$ADDomain,
        [parameter(mandatory=$true)]$ADGroup,
        [parameter(mandatory=$true)]$Role
    )

    try
    {
        # The root folder is the top of the inventory; with -Propagate the permission reaches every child object
        $rootFolder = Get-Folder -NoRecursion
        Write-Host "Adding $ADGroup to vCenter role $Role at the $rootFolder level"
        # -ErrorAction Stop turns a failure into a terminating error so the catch block actually runs
        New-VIPermission -Entity $rootFolder -Principal $ADGroup -Role $Role -Propagate:$true -ErrorAction Stop
    }
    catch
    {
        Write-Host ("Failed to add $ADGroup to vCenter role $Role. Error: `n" + $_.Exception.Message) -ForegroundColor Red
    }
}

# Prints a message in a color that depends on its type.
function Display()
{
    param(
        [parameter(mandatory=$true)][validateSet("info","error","quit","debug")]$type,
        [parameter(mandatory=$false)]$message
    )

    switch($type)
    {
        "info"  {Write-Host $message -ForegroundColor DarkCyan}
        "error" {Write-Host $message -ForegroundColor Red}
        "debug" {Write-Host "=> DEBUG : $message" -ForegroundColor Yellow}
        "quit"  {Write-Host $message -ForegroundColor DarkYellow}
    }
}

#endregion

#region MAIN

#UNCOMMENT THE FOLLOWING SECTION IF YOU ARE NOT ALREADY CONNECTED TO YOUR VCENTER INSTANCE !
<#
$vcenter = Read-Host "Please enter the FQDN of the vCenter you want to connect to"
Write-Host "vc" $vcenter -ForegroundColor Cyan
Connect-VIServer $vcenter
#>

$viaccount = $null
$UserDomain = Read-Host "Provide the NetBIOS name of the domain (ex : axel for axel.lab)"
$Addgroup = $true

while($Addgroup)
{
    $GroupToAdd = Read-Host "Give the short name of the group to add (ex: vCenterAdmins)"

    Display -type info -message "Looking for $GroupToAdd..."

    # Resolve the AD group through vCenter; $null means vCenter cannot find it in that domain
    $viaccount = Get-VIAccount -Domain $UserDomain -Group -Id $GroupToAdd -ErrorAction SilentlyContinue

    if($viaccount)
    {
        Write-Host "Found !"
    }
    else
    {
        Display -type error -message ("Group $GroupToAdd not found !")
        break
    }

    # List the role names so the user can copy one of them exactly
    $vcRole = (Get-VIRole).Name
    Display -type info -message "vCenter Roles:"
    $vcRole

    $GroupRole = Read-Host "`n Please copy/paste the role to link to group $GroupToAdd"
    AssignPermissionToGroup -ADDomain $UserDomain -ADGroup $viaccount -Role $GroupRole

    $UserAnswer = Read-Host "Do you want to add another group (y/n) ?"
    if($UserAnswer.ToLower() -ne "y")
    {
        $viaccount = $null
        $Addgroup = $false
        Display -type quit
    }
}

#endregion

Example of output :
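
An added example, not part of the original post: because the script grants a role at the root folder with propagation, it helps to review afterwards which principals hold propagating roles that can change permissions or roles. The sample objects are constructed to mirror the Principal, Role, Propagate and IsGroup properties of Get-VIPermission output and the Name and PrivilegeList properties of Get-VIRole output; the function name and the list of privileges treated as sensitive are assumptions.

```powershell
# Added example: review what is granted at the vCenter root folder.
# Assumption: these privilege IDs are the ones your policy treats as sensitive.
$SensitivePrivileges = @('Authorization.ModifyPermissions', 'Authorization.ModifyRoles')

function Get-RootPermissionFinding {
    param(
        [Parameter(Mandatory = $true)][object[]]$Permission,  # shaped like Get-VIPermission output
        [Parameter(Mandatory = $true)][object[]]$RoleList,    # shaped like Get-VIRole output
        [string[]]$Sensitive = $SensitivePrivileges
    )
    foreach ($p in $Permission) {
        # Look up the role definition by name to see which privileges it carries
        $roleDef = $RoleList | Where-Object { $_.Name -eq $p.Role } | Select-Object -First 1
        $hits = @($roleDef.PrivilegeList | Where-Object { $Sensitive -contains $_ })
        [pscustomobject]@{
            Principal = $p.Principal
            IsGroup   = $p.IsGroup
            Role      = $p.Role
            Propagate = $p.Propagate
            Sensitive = ($hits -join ',')
            # Flag grants that both propagate to children and carry a sensitive privilege
            Review    = [bool]($p.Propagate -and $hits.Count -gt 0)
        }
    }
}

# Constructed sample data (not taken from a real vCenter)
$sampleRoles = @(
    [pscustomobject]@{ Name = 'Admin';    PrivilegeList = @('System.View', 'Authorization.ModifyPermissions', 'Authorization.ModifyRoles') }
    [pscustomobject]@{ Name = 'ReadOnly'; PrivilegeList = @('System.Anonymous', 'System.Read', 'System.View') }
)
$samplePermissions = @(
    [pscustomobject]@{ Principal = 'AXEL\vCenterAdmins';  IsGroup = $true; Role = 'Admin';    Propagate = $true }
    [pscustomobject]@{ Principal = 'AXEL\vCenterReaders'; IsGroup = $true; Role = 'ReadOnly'; Propagate = $true }
)
Get-RootPermissionFinding -Permission $samplePermissions -RoleList $sampleRoles | Format-Table -AutoSize

# Against a live vCenter session (requires PowerCLI and Connect-VIServer):
# $root = Get-Folder -NoRecursion
# Get-RootPermissionFinding -Permission (Get-VIPermission -Entity $root) -RoleList (Get-VIRole) | Where-Object Review
```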
