As part of the upgrade from vSphere 4.1 to 5 we needed a list of users who access the VI via a shortcut (mainly external Third Party's) so we could contact them and explain how they can access the console in vSphere 5 (Web Client).
Each VM that requires other staff, or Third Party's, to access the console has an AD group created with the appropriate Virtual Center permissions. Each AD group is then populated with the appropriate accounts.
The first thought was just to have a script that listed the user account plus email address but no Group listing. The drawback to this was that external accounts didn't have any email accounts listed and it didn't list which VM the user needed to access.
New approach was to identify and list the Group in the output along with Users names. This would enable us to contact the Application Support people and explain the change and how to now connect. Then they would pass this information onto their Third Party suppliers.
Script
import-module activeDirectory
$vmwareGroups = get-adGroup -filter 'name -like "VMware*Console Access"'
## output object
$output = @()
$vmwareGroups | foreach {
$groupName = $_.name
$groupMembers = $_ | get-adGroupMember
$groupMembers | foreach {
$memberName = $_.name
$obj = new-object System.Management.Automation.PSObject
$obj = $obj | add-member -memberType NoteProperty -name groupName -value $groupName -passthru
$obj = $obj | add-member -memberType NoteProperty -name userName -value $memberName -passthru
$output += $obj
}
}
$output | export-csv "c:\vwmareGroups.csv" -NoTypeInformation
Thanks go to Klaas Vandenberghe (powershell.org) who helped with the initial script then one of my colleagues, Damian Shiell, who created the final script.
No comments:
Post a Comment