So this is kind of based on this thread: Trying to get a PowerCLI script to run on multiple vCenters at once
I now need to take the script and modify it so specific users can be added to a specific folder on multiple vCenters. The vCenters are setup the same under 1 particular datacenter, same folders, sub folder structure, etc. Whereas the previous script would add the permission to the particular folder that existed on only one of the vCenters I need this to add a user to both. I've tried playing around with the array and specifying other options, like New-VIPermission -Entity myfolder -Server $viservers -Principal $usertoadd -Role VirtualMachineUser -Propagate:$true but I just get this:
New-VIPermission : 8/30/2019 10:11:25 AM New-VIPermission The specified parameter 'Entity' expects a single value, but your name criteria 'myfolder' corresponds to multiple values.
I'm sure it's something very simple, but I'm not sure of what the right fix is exactly for this. I thought I could create another array in the param section from the previous script and have something like: [array]$folder = (Get-Folder -Name myfolder)
But that didn't work. Any help appreciated.
Thanks.
Can't you simplify that part?
Something like this (provided I understood the desired logic correctly)
while ($answer -ne 'Q')
{
Write-Host "Please select an option"
Write-Host "1 - Do the user selection"
Write-Host "Q - Exit the script"
$answer = (Read-Host -Prompt "Your reply").ToUpper()
if ($answer -eq '1')
{
$usertoadd = Read-Host = "Enter the username in domain\user format to add to the folder"
if (Get-VIPermission -Principal $usertoadd -Server $viservers.Name)
{
Get-Folder -Name myfolder -Server $viservers.Name |
New-VIPermission -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true
}
}
}
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I currently have this for my code after trying to look around at some other examples, and it acts like it's done something, but when I check the folder I don't see the user I just tried to add.
param(
[array]$viservers = ("vcenter.domain", "vcenter2.domain")
)
if (!(Get-Module -ListAvailable -Name VMware.PowerCLI)) {
Install-Module -Name VMware.PowerCLI -Force -Scope CurrentUser -Confirm:$false
Import-Module VMware.PowerCLI -Force
}
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
$creds = Get-Credential -Message "Enter your vCenter credentials" -UserName "$($env:USERDNSDOMAIN)\$($env:USERNAME)"
$vSphereConns+= Connect-VIServer -Server $viservers -Credential $creds
#$folder = @(Get-Folder -Type VM -Name myfolder)
while($true){
$endAnswer = '1'
while($endAnswer -ne 'Q'){
if($endAnswer -eq '1'){
$usertoadd = Read-Host = "Enter the username in domain\user format to add to the folder"
}
$perm = Get-VIPermission -Principal $usertoadd -Server $viservers.Name
if(!$perm){
$root = Get-Folder -Name myfolder -Server $viservers.Name
New-VIPermission -Entity $root -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true
}
write-host "Please select an option"
Write-Host "1 - Go back to the user selection"
Write-Host "Q - Exit the script"
$endAnswer = ''
while('1','Q' -notcontains $endAnswer){
$endAnswer = (Read-Host -Prompt 'Your answer').ToUpper()
}
}
ForEach( $conn in $vSphereConns) {
Disconnect-VIServer -Server $conn -Confirm:$false
}
Write-Host "Disconnecting from vCenter and exiting script"
Write-Host "Hey! I'm walking here"
break
}
What DefaultVIServerMode are you using? Single or Multiple?
Can you check with Get-PowerCLIConfiguration?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
It is set to multiple.
Can you add the Verbose switch on the New-VIPermission cmdlet?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi LucD
So I added it, but I don't see anything additional. When I run the script all I see is this as the output:
cope ProxyPolicy DefaultVIServerMode InvalidCertificateAction DisplayDeprecationWarnings WebOperationTimeout
Seconds
----- ----------- ------------------- ------------------------ -------------------------- -------------------
Session UseSystemProxy Multiple Ignore True 300
User Multiple Ignore
AllUsers
= Enter the username in domain\user format to add to the folder: domain\user
Please select an option
1 - Go back to the user selection
Q - Exit the script
Your answer: q
Disconnecting from vCenter and exiting script
But when I go to the folder in the vCenters nothing has been added.
For some reason now when I suddenly try to run this again I get an error when trying to add a different user than myself:
New-VIPermission : Cannot process argument transformation on parameter 'Entity'. This parameter no longer accepts an
array. As an alternative you may pass multiple values by pipeline (if supported by the parameter).
At C:\Users\myser\Desktop\GenScripts\v2Scripts\myscript2.ps1:35 char:28
+ New-VIPermission -Entity $root -Principal $usertoadd -Server ...
+ ~~~~~
+ CategoryInfo : InvalidData: (:) [New-VIPermission], ParameterBindingArgumentTransformationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.Permis
sionManagement.NewVIPermission
Section of code is this:
New-VIPermission -Entity $root -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true -Verbose
Full section of code is this:
$perm = Get-VIPermission -Principal $usertoadd -Server $viservers.Name
if(!$perm){
$root = Get-Folder -Name myfolder -Server $viservers.Name
New-VIPermission -Entity $root -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true -Verbose
}
That would mean that the same folder exists in both vCenters.
And the Entity parameter on the New-VIPermission cmdlet indeed only accepts a single value.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Ok so is there a way around that? The entity exists on both vCenters and I'm trying to add the user to both at the same time.
Use the pipeline, instead of the $root variable.
It will present the folders, one by one to the New-VIPermission cmdlet.
New-VIPermission -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Sweet that worked. Now for whatever reason at the end I have to hit Q twice to disconnect from both vCenters, whereas before it was just once. Odd.
Can't you simplify that part?
Something like this (provided I understood the desired logic correctly)
while ($answer -ne 'Q')
{
Write-Host "Please select an option"
Write-Host "1 - Do the user selection"
Write-Host "Q - Exit the script"
$answer = (Read-Host -Prompt "Your reply").ToUpper()
if ($answer -eq '1')
{
$usertoadd = Read-Host = "Enter the username in domain\user format to add to the folder"
if (Get-VIPermission -Principal $usertoadd -Server $viservers.Name)
{
Get-Folder -Name myfolder -Server $viservers.Name |
New-VIPermission -Principal $usertoadd -Server $viservers.Name -Role VirtualMachineUser -Propagate:$true
}
}
}
---------------------------------------------------------------------------------------------------------
Was it helpful? Let us know by completing this short survey here.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference