VMware

PowerCLI – Copy Roles, Privileges and Permissions from One vCenter to Multiple vCenters

After being asked a question around copying Roles and Privileges from one vCenter to another vCenter, I looked over many different PowerCLI scripts to perform the task with many the providing steps but never really appearing to take the process to the level that I wanted and for my customer.

I considered creating my own script to get to the level that I wanted but then I stumbled across the following post by Shane Marsh

http://www.shanemarsh.co.uk/2019/12/02/copy-permissions-privileges-roles-from-one-vcenter-to-multiple-vcenters/

This script takes the option of providing a role from a source vCenter and applying that role to multiple destination vCenters.  There is also a capability to perform some permissions work, which I believe could be to add an account to a particular folder on the destination vCenters utilising the role that has just been created.  It also looks like it wouldn’t take too much to go through and enhance the script further to handle multiple roles from the source vCenter.

I’ve gone through and tested the script in my lab environment and it works well… all credit to Shane for the work that he has done.  As always, please make sure that you test any scripts in your own test environment before applying them to a production environment.  Scripts are provided as is, and therefore there is no liability on the script writer for any damage or data loss incurred by running any of the scripts.

 

UPDATED:

So, I was recently informed that the web page referenced above for Shane Marsh is unavailable.  Unfortunately, my lab environment has been rebuilt since this post was published and I have managed to lose the original script that I was using.  I have sourced an alternative script, which is listed below and is also available on ‘The Lowercase w’ blog here:  http://thelowercasew.com/migrating-roles-privileges-from-an-old-vcenter-to-a-new-vcenter-using-powercli

I haven’t been able to test this script in my lab environment and therefore you will need to exercise caution when testing it.  My previous disclaimer above is still valid.  Having said that, the comments on ‘The Lowercase w’ blog post seem to agree that the script works as expected

[php]#################################################

#

# PowerCLI Script to Transfer Roles between vCenters

# Written by BLiebowitz on 11/6/2015

#

#################################################

# Variables

$VC1="VCENTER1"

$VC2="VCENTER2"

# Set the PowerCLI Configuration to connect to multiple vCenters

Set-PowerCLIConfiguration -DefaultVIServerMode multiple -Confirm:$false

# Connect to both the source and destination vCenters

connect-viserver -server $VC1, $VC2

# Get roles to transfer

$roles = get-virole -server $VC1

# Get role Privileges

foreach ($role in $roles) {

[string[]]$privsforRoleAfromVC1=Get-VIPrivilege -Role (Get-VIRole -Name $role -server $VC1) |%{$_.id}

# Create new role in VC2

New-VIRole -name $role -Server $VC2

# Add Privileges to new role.

Set-VIRole -role (get-virole -Name $role -Server $VC2) -AddPrivilege (get-viprivilege -id $privsforRoleAfromVC1 -server $VC2)

}

disconnect-viserver –server $VC1, $VC2[/php]

 

3 thoughts on “PowerCLI – Copy Roles, Privileges and Permissions from One vCenter to Multiple vCenters

Leave a Reply

Your email address will not be published. Required fields are marked *