In this post we will be going through creating local ESXi account using PowerCLI.
Recently I have had to create local account to allow a monitoring tool to pull information from all ESXi hosts.
We want to automate the user creation and assign the required permissions so that they only have the permission required for a limited time.
First we need to connect to the ESXi Host using PowerCLI
To check what account already exist use the below.
To create a new account we will use the New-VMHostAccount command
New-VMHostAccount -Id accountname -Password password -Description Account Description
Next we need to assign the required permissions. We can list the current roles using
We also need an entity to set the permission or the command will error out.
To list the entity use the
Select the entity that will have the role applied. In this case we will be applying to the root object so it applies to all objects on the host and will assigning the admin role.
New-VIPermission -Entity (Get-Folder root) -Principal accountname -Role Admin
To remove the account use the below command.
Get-VMHostAccount -User account name | Remove-VMHostAccount -Confirm:$false
Once we have the commands, we can create the script to automate the account creation and role assignment to configure multiple hosts.
The scripts uses EsxiHost as the heading for the CSV if you want to use something different the script will need to be updated.
Below is the script running against my test hosts.
.\Create-LocalESXiUser.ps1 -ESXiHostList .\EsxiHosts.csv -ESXiUser useraccount -ESXipass password -ESXiNewUser accountname -ESXiUserPass accountpass -ESXiPermission Permission -ESXiUserdesc "Account Description"
This process can also be used to update the permission for a specific account.
To download the full script use the below link to github.