Hello,
I have been trying to check host profile compliance at a host level. I have been using the Get-VMHostProfile CMD-let and haved piped in a specific host but it appears to only report back that status of the entire profile itselfe under ExtensionData.ComplianceStatus rather that the host itself. I am looking to find the uncompliant hosts inside a nonCompliant Host Profile. Thanks in advance for any help.
Cheers!
-LzK
You can use the Test-VMHostProfileCompliance cmdlet to test a specific host for compliance with it's profile. For example:
Test-VMHostProfileCompliance -VMHost ESX1
I played with this CMD-let a little bit and it does return the information I am looking for however I am required to run a compliance check for each individual host to get it which could take some time in my environment. Currently we have a compliance check on a scheduled basis so it would be nice to find a way to get the current status without have to run a new compliance check for each object. Thanks for you help, it gets me part of the way there.
I think I may have cracked this one by using the Test-VMHostProfileCompliance CMD-let with the -UseCache peram.
$variable = Test-VMHostProfileCompliance -VMHost $host -UseCache
$variable.ExtensionData.ComplianceStatus
But that will only return your 'non-compliant' hosts.
How do you return compliant hosts as well?
The Test-VMHostProfileCompliance cmdlet returns only something when the host is not compliant. You can use that information. If the cmdlet does not return anything, then the host is either compliant or has no attached host profile. The next PowerCLI script does not test if the host has an attached host profile or not. It returns compliant for all hosts for which the Test-VMHostProfileCompliance cmdlet returns nothing.
foreach ($VMHost in (Get-VMHost)) { $Compliance = Test-VMHostProfileCompliance -VMHost $VMHost -UseCache if ($Compliance) { $ComplianceStatus = $Compliance.ExtensionData.ComplianceStatus } else { $ComplianceStatus = "Compliant" } New-Object -TypeName PSObject -Property @{ VMhost = $VMHost.name ComplianceStatus = $ComplianceStatus } }
Thanks! I made a few additions to the sample which will also check if no profile is attached:
foreach
($VMHost in (Get-VMHost)) {
$Compliance = Test-VMHostProfileCompliance -VMHost $VMHost -UseCache
$AttachedProfile = Get-VMHostProfile -entity $VMHost
if ($Compliance -ne $null)
{
$ComplianceStatus = $Compliance.ExtensionData.ComplianceStatus
}
elseif ($AttachedProfile -eq $null)
{
$ComplianceStatus = "No Profile Attached!"
}
else
{
$ComplianceStatus = "Compliant"
}
New-Object -TypeName PSObject -Property @{
VMhost
= $VMHost.name
ComplianceStatus
= $ComplianceStatus
}
}
Thanks for you additions. It is a usefull script now.
To prevent the Test-VMHostProfileCompliance cmdlet from outputting red warning messages for hosts that don't have a host profile you can add -ErrorAction:SilentlyContinue to that line. if ($var -ne $null) is the same as if ($var) and is a bit shorter.
foreach ($VMHost in (Get-VMHost)) { $Compliance = Test-VMHostProfileCompliance -VMHost $VMHost -UseCache -ErrorAction:SilentlyContinue $AttachedProfile = Get-VMHostProfile -entity $VMHost if ($Compliance) { $ComplianceStatus = $Compliance.ExtensionData.ComplianceStatus } elseif ($AttachedProfile) { $ComplianceStatus = "Compliant" } else { $ComplianceStatus = "No Profile Attached!" } New-Object -TypeName PSObject -Property @{ VMhost = $VMHost.name ComplianceStatus = $ComplianceStatus } }
One more thing that we are trying to do is capture the last time the host was checked for compliance. For a host that is not compliant I can find this value in '$Compliance.ExtensionData.CheckTime', however I can't find anything similar for a compliant host. Any ideas?
I have no idea. I am afraid that this is not possible because the Test-VMHostProfileCompliance cmdlet only returns VMHostProfileIncompliance objects. But maybe someone from the PowerCLI team can tell us this?
Noobie question. This is great. Is there a way to export the results to a csv? I need a way to place into a resultant csv.
Yep, there is a CMDlet just for exporting results to a CSV. You can pipe it at the end of a CMDlet to get it's results or you could also pipe it a variable/array if you are combinging multiple results.
Thank you! This is what I came up with.
$results
= @()
foreach
($VMHost in (Get-VMHost))
{
$Compliance = Test-VMHostProfileCompliance -VMHost $VMHost -UseCache -ErrorAction:SilentlyContinue
$AttachedProfile = Get-VMHostProfile -entity $VMHost
if ($Compliance)
{
$ComplianceStatus = $Compliance.ExtensionData.ComplianceStatus
}
elseif ($AttachedProfile)
{
$ComplianceStatus = "Compliant"
}
else
{
$ComplianceStatus = "No Profile Attached!"
}
$res = New-Object -TypeName PSObject -Property @{
VMhost
= $VMHost.name
ComplianceStatus
= $ComplianceStatus
}
$results += $res
}
$results
| Export-Csv c:\temp\profileCompliance.csv