Monday, February 15, 2016

Export vcenter roles (privileges) - Powercli.

This post continues my series of posts on migrating from one vCenter to another.

Exporting virtual machine annotation (Attributes) and notes to CSV file - Powercli

Move/Migrate VMs to folder Path on another vCenter - Powercli

Get vCenter VM folder Path from VMs and Templates- Powercli

Importing VM annotation (Attributes) and notes from CSV file into vCenter - Powercli

Import vCenter roles (privileges) - Powercli

Export vcenter roles (privileges)


In this post I will show how to export roles so that they can be imported into another vCenter. This post is dedicated to exporting roles only; they are exported to a specified folder with the .role extension. As you can see, I have multiple roles created. Some are roles created by default; my script skips those and backs up only user-created roles.
When you edit one of the roles you will see information something like this; these are called role privileges. Each privilege has a meaningful name, e.g. under Alarms there is the Acknowledge alarm right.
Here is my script, which pulls all this information and stores it in a .role file. Copy and paste this script and save it in a .ps1 file.
  <#
  .Synopsis
   Exports vSphere roles to text files with the .role extension.
  .Description
   This script exports only the custom roles created by users.
  .Example
   Export-vSphereRoles -Path c:\temp
   Exports roles to the folder.
  .Notes
   NAME: Export-vSphereRoles
   AUTHOR: Kunal Udapi
   LASTEDIT: 12th February 2016
   KEYWORDS: Export Roles
  .Link
   #Check Online version: http://kunaludapi.blogspot.com
   #Requires -Version 3.0
  #>
  #requires -Version 3
  [CmdletBinding(SupportsShouldProcess)]
  Param(
   [Parameter(Mandatory=$true, Position=1,
    ValueFromPipeline=$true)]
   [AllowNull()]
   [alias("LiteralPath")]
   [string]$Path = "c:\temp"
  ) #Param
  Begin {
    # Built-in roles that are skipped during the export
    $DefaultRoles = "NoAccess", "Anonymous", "View", "ReadOnly", "Admin", "VirtualMachinePowerUser", "VirtualMachineUser", "ResourcePoolAdministrator", "VMwareConsolidatedBackupUser", "DatastoreConsumer", "NetworkConsumer"
  } #Begin

  Process {
    # Keep only the roles whose name is not in the built-in list
    # (one filter instead of a chain of role0..roleN variables indexed one past the end of the list)
    $filteredRoles = Get-VIRole | Where-Object { $DefaultRoles -notcontains $_.Name }
  } #Process
  End {
    $filteredRoles | ForEach-Object {
      # Build the file name from the role's Name property explicitly
      $completePath = Join-Path -Path $Path -ChildPath "$($_.Name).role"
      Write-Host "Exporting Role `"$($_.Name)`" to `"$completePath`"" -ForegroundColor Yellow
      # One privilege Id per line in the .role file
      $_ | Get-VIPrivilege | Select-Object -ExpandProperty Id | Out-File -FilePath $completePath
    } #$filteredRoles | ForEach-Object
  } #End
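
The script uses the role name directly as the file name, so a name with a character that is not valid in a file name fails to export (the error reported in the comments), and a name containing path separators decides where the file is written. The following is an added example, not part of the original script: the three function names and the percent-encoding scheme are assumptions, and the sample role names are constructed.

```powershell
# Added example: reversible, folder-contained file names for exported roles.
function ConvertTo-RoleFileName {
    param([Parameter(Mandatory = $true)][string]$RoleName)
    $invalid = [System.IO.Path]::GetInvalidFileNameChars()
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $RoleName.ToCharArray()) {
        # Percent-encode '%' itself and anything a file name cannot hold (/ \ : * ? ...)
        if ($ch -eq [char]'%' -or $invalid -contains $ch) {
            [void]$sb.AppendFormat('%{0:X2}', [int]$ch)
        } else {
            [void]$sb.Append($ch)
        }
    }
    $sb.ToString() + '.role'
}

function ConvertFrom-RoleFileName {
    param([Parameter(Mandatory = $true)][string]$FileName)
    # Undo the encoding so an import can recreate the role under its real name
    [System.Uri]::UnescapeDataString([System.IO.Path]::GetFileNameWithoutExtension($FileName))
}

function Get-RoleExportPath {
    param([Parameter(Mandatory = $true)][string]$Folder,
          [Parameter(Mandatory = $true)][string]$RoleName)
    $root = [System.IO.Path]::GetFullPath($Folder).TrimEnd('\') + '\'
    $full = [System.IO.Path]::GetFullPath((Join-Path $root (ConvertTo-RoleFileName $RoleName)))
    # Refuse any name that still resolves outside the export folder
    if (-not $full.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Role '$RoleName' resolves outside '$root'"
    }
    $full
}

# Constructed role names; the first is the one from the error report in the comments
'VSC Scan/Migrate', '..\..\elsewhere', '100% Ops' | ForEach-Object {
    $path = Get-RoleExportPath -Folder 'C:\temp' -RoleName $_
    '{0,-18} -> {1} -> {2}' -f $_, $path, (ConvertFrom-RoleFileName $path)
}
```

An import that reads these files has to decode the file name with ConvertFrom-RoleFileName to get the role name back; the import script from this series is not shown on this page, so that pairing is an assumption.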
   
Open VMware vSphere PowerCLI. Make sure your execution policy is set to RemoteSigned or something that can execute scripts. Mine is Unrestricted; I only run scripts created by me.
Connect to the old vCenter server using the Connect-VIServer command.
Once you are connected, it is time to execute the command. I have saved my script under c:\script, and this is how I run that script with dot sourcing. Once you run the ps1 file you can see on the screen, in yellow, what is happening.
All the role files are stored in c:\temp. Now you can copy these role files into a zip file, ready to be used on the other vCenter for importing.
You can open a role file in Notepad, and the view is as below. This is what an exported vCenter role file looks like. In my next blog post I am going to use the same file and export privileges to another vCenter.
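
Before the exported files are zipped and carried to another vCenter, it helps to review what each role grants and to record a hash of each file so the copy can be checked before import. The following is an added example, not part of the original script: the function name, the demo folder, the sample files and the watch list of privilege ids are assumptions chosen for illustration, and Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example: summarise exported .role files before they are imported elsewhere.
# Assumption: privilege ids worth a second look; adjust to your own policy.
$WatchList = 'Authorization.ModifyPermissions', 'Authorization.ModifyRoles',
             'VirtualMachine.GuestOperations.Execute', 'Datastore.FileManagement'

function Get-RoleFileReport {
    param([Parameter(Mandatory = $true)][string]$Folder,
          [string[]]$Watch = @())
    Get-ChildItem -LiteralPath $Folder -Filter '*.role' | ForEach-Object {
        $file = $_
        # The export writes one privilege id per line
        $ids = @(Get-Content -LiteralPath $file.FullName |
                 ForEach-Object { $_.Trim() } | Where-Object { $_ })
        [pscustomobject]@{
            Role       = $file.BaseName
            Privileges = $ids.Count
            Flagged    = @($ids | Where-Object { $Watch -contains $_ }) -join ', '
            SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        }
    }
}

# Constructed sample files standing in for a real export folder
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'role-export-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
'System.View', 'Alarm.Acknowledge' |
    Out-File -FilePath (Join-Path $demo 'Alarm Operator.role')
'System.View', 'Authorization.ModifyPermissions', 'Datastore.FileManagement' |
    Out-File -FilePath (Join-Path $demo 'Storage Delegate.role')

$report = Get-RoleFileReport -Folder $demo -Watch $WatchList
$report | Format-List Role, Privileges, Flagged, SHA256
# Keep the report with the zip; rerun on the target side and compare the hashes
$report | Export-Csv -Path (Join-Path $demo 'role-report.csv') -NoTypeInformation
```

A role whose Flagged column is not empty can change permissions, run programs inside guests or touch datastore files, so it deserves a review before it is recreated on the new vCenter.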

6 comments:

Anonymous said...

Awesome Script. Very helpful VMware should have this functionality built in!

Thanks again.

Anonymous said...

Works great. Thank you

ragirags said...

great script.. it works..

JDMils said...

Awesome work, thanks a bunch! It helped me out to migrate from a V6.0 to V6.7 vCenter. However I found the following issues:
* If the role name contains a "/" then the script errors on that role and nothing is recorded. Error is:

Exporting Role "VSC Scan/Migrate" to "C:\Users\myname\Documents\VSC Scan\Migrate.role"
Out-File : Could not find a part of the path 'C:\Users\myname\Documents\VSC Scan\Migrate.role'.
At C:\Users\myname\Documents\Export_VIRoles.ps1:60 char:64
+ $_ | Get-VIPrivilege | select-object -ExpandProperty Id | Out-File -FilePat ...
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

Anonymous said...

What if I just want to import one vc role and not the entire list? I was browsing thru the script to see where I can identify this, but couldn't locate it. Well, at least the section I thought was relevant wasn't correct.

Thanks in advance for your help!

Kevin Mathison said...

Great Post!
