This is a quick post on how to create a new user and add it to a role on ESXi host Using PowerShell or Powercli.
## This script creates a new user and adds the user to a role on the ESX host:
$NewUser = 'New_user_name'
$NewUserPassword = ‘New_user_Password'
$NewUserDesc = 'New_user_description'
$HOSTCredentials = Get-Credential -Credential root
$ESXhost = 'ESXi_HOST'
Connect-VIServer $ESXhost -Credential $HOSTCredentials
New-VMHostAccount -Id $NewUser -Password $NewUserPassword -Description $NewUserDesc -UserAccount -Server $ESXhost -AssignGroups users
$AuthMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
$Entity = Get-Folder ha-folder-root | Get-View
$Perm = New-Object VMware.Vim.Permission
$Perm.entity = $Entity.MoRef
$Perm.group = $false
$Perm.principal = $NewUser
$Perm.propagate = $true
# You can either specify roleID or use the line below if you know the role name.
# $Perm.roleId = ($AuthMgr.RoleList | where {$_.Name -eq "ReadOnly"}).RoleId
$Perm.roleId = "-2"
$AuthMgr.SetEntityPermissions($Entity.MoRef,$Perm)
Disconnect-VIServer -Server $ESXhost -Confirm:$false
## Here is the list of common roles / role IDs:
RoleName | Label | RoleId |
NoAccess | No access | -5 |
Anonymous | Anonymous | -4 |
View | View | -3 |
ReadOnly | Read-only | -2 |
Admin | Administrator | -1 |
VirtualMachinePowerUser | Virtual machine power user (sample) | 4 |
VirtualMachineUser | Virtual machine user (sample) | 5 |
ResourcePoolAdministrator | Resource pool administrator (sample) | 6 |
VMwareConsolidatedBackupUser | VMware Consolidated Backup user (sample) | 7 |
DatastoreConsumer | Datastore consumer (sample) | 8 |
NetworkConsumer | Network consumer (sample) | 9 |
## For the full list of Roles you have in your environment please use this script:
$report =@()
$authMgr = Get-View AuthorizationManager
foreach($role in $authMgr.RoleList){
$row = "" | Select RoleName, Label, RoleId
$row.RoleName = $role.Name
$row.Label = $role.Info.Label
$row.RoleId = $role.RoleId
$report += $row
}
$report
## This script creates a new user and adds the user to a role on the ESX host:
$NewUser = 'New_user_name'
$NewUserPassword = ‘New_user_Password'
$NewUserDesc = 'New_user_description'
$HOSTCredentials = Get-Credential -Credential root
$ESXhost = 'ESXi_HOST'
Connect-VIServer $ESXhost -Credential $HOSTCredentials
New-VMHostAccount -Id $NewUser -Password $NewUserPassword -Description $NewUserDesc -UserAccount -Server $ESXhost -AssignGroups users
$AuthMgr = Get-View (Get-View ServiceInstance).Content.AuthorizationManager
$Entity = Get-Folder ha-folder-root | Get-View
$Perm = New-Object VMware.Vim.Permission
$Perm.entity = $Entity.MoRef
$Perm.group = $false
$Perm.principal = $NewUser
$Perm.propagate = $true
# You can either specify roleID or use the line below if you know the role name.
# $Perm.roleId = ($AuthMgr.RoleList | where {$_.Name -eq "ReadOnly"}).RoleId
$Perm.roleId = "-2"
$AuthMgr.SetEntityPermissions($Entity.MoRef,$Perm)
Disconnect-VIServer -Server $ESXhost -Confirm:$false
## For the full list of Roles you have in your environment please use this script:
$report =@()
$authMgr = Get-View AuthorizationManager
foreach($role in $authMgr.RoleList){
$row = "" | Select RoleName, Label, RoleId
$row.RoleName = $role.Name
$row.Label = $role.Info.Label
$row.RoleId = $role.RoleId
$report += $row
}
$report
