This post continues my series of posts on migrating from one vCenter to another:
Exporting virtual machine annotation (Attributes) and notes to CSV file - Powercli
Move/Migrate VMs to folder Path on another vCenter - Powercli
Get vCenter VM folder Path from VMs and Templates- Powercli
Importing VM annotation (Attributes) and notes from CSV file into vCenter - Powercli
Import vCenter roles (privileges) - Powercli
Export vcenter roles (privileges)
In this post I will show how to export roles so that they can be imported into another vCenter. The script is dedicated to exporting roles only; they are written to the specified folder with the .role extension. As you can see, I have multiple roles created; some are created by default. My script skips those and backs up only user-created roles.
When you edit one of the roles you will see information something like this; these are called role privileges. Each privilege has a meaningful name, e.g. under Alarms there is the Acknowledge alarm right.
Here is my script, which pulls all this information and keeps it in a .role file. Copy and paste the script and save it as a .ps1 file.
<#
.Synopsis
    Exports vSphere roles to text files with the .role extension.
.Description
    This script exports only the custom roles created by users.
.Example
    Export-vSphereRoles -Path c:\temp
    Exports roles to the folder.
.Notes
    NAME: Export-vSphereRoles
    AUTHOR: Kunal Udapi
    LASTEDIT: 12th February 2016
    KEYWORDS: Export Roles
.Link
    Check online version: http://kunaludapi.blogspot.com
#>
#requires -Version 3
[CmdletBinding(SupportsShouldProcess)]
Param(
    # Not mandatory, so the default below is used when -Path is omitted
    [Parameter(Position=1, ValueFromPipeline=$true)]
    [alias("LiteralPath")]
    [string]$Path = "c:\temp"
) #Param
Begin {
    # Roles created by default; these are skipped during the export
    $DefaultRoles = "NoAccess", "Anonymous", "View", "ReadOnly", "Admin", "VirtualMachinePowerUser", "VirtualMachineUser", "ResourcePoolAdministrator", "VMwareConsolidatedBackupUser", "DatastoreConsumer", "NetworkConsumer"
} #Begin
Process {
    $AllVIRoles = Get-VIRole
    # Keep only the roles whose name is not in the default list
    $filteredRoles = $AllVIRoles | Where-Object { $DefaultRoles -notcontains $_.Name }
} #Process
End {
    $filteredRoles | ForEach-Object {
        # The file name is the role name plus the .role extension
        $completePath = Join-Path -Path $Path -ChildPath "$($_.Name).role"
        Write-Host "Exporting Role `"$($_.Name)`" to `"$completePath`"" -ForegroundColor Yellow
        # Write one privilege Id per line
        $_ | Get-VIPrivilege | Select-Object -ExpandProperty Id | Out-File -FilePath $completePath
    } #$filteredRoles | ForEach-Object
} #End
Open VMware vSphere PowerCLI. Make sure your execution policy is set to RemoteSigned or another policy that allows scripts to run. Mine is Unrestricted; I only run scripts created by me.
Connect to the old vCenter server using the Connect-VIServer command.
Once you are connected, it is time to execute the command. I have saved my script under c:\script, and this is how I run it with dot sourcing. Once you run the ps1 file, you can see on the screen what is happening, in yellow.
All the role files are stored in c:\temp. You can now copy these role files into a zip file, ready to be used for importing on the other vCenter.
You can open a role file in Notepad and the view is as below. This is how an exported vCenter role file looks; in my next blog I am going to use the same file and export privileges to another vCenter.
Awesome Script. Very helpful VMware should have this functionality built in!
Thanks again.
Works great. Thank you
great script.. it works..
Awesome work, thanks a bunch! It helped me out to migrate from a V6.0 to V6.7 vCenter. However I found the following issues:
* If the role name contains a "/" then the script errors on that role and nothing is recorded. Error is:
Exporting Role "VSC Scan/Migrate" to "C:\Users\myname\Documents\VSC Scan\Migrate.role"
Out-File : Could not find a part of the path 'C:\Users\myname\Documents\VSC Scan\Migrate.role'.
At C:\Users\myname\Documents\Export_VIRoles.ps1:60 char:64
+ $_ | Get-VIPrivilege | select-object -ExpandProperty Id | Out-File -FilePat ...
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
+ FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand
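The error reported in the comment above comes from the role name being used directly as a file name, so the "/" in the name is read as a path separator. The following is an added example, not part of the original script or of the commenter's post: it escapes characters that are not valid in Windows file names in a reversible way and checks that the resulting file is a direct child of the export folder. The function names and the %XXXX escape format are assumptions made for this illustration.

```powershell
# Added example, not part of the original script. Function names are hypothetical.
function ConvertTo-RoleFileName {
    param([Parameter(Mandatory)][string]$RoleName)
    # Characters not allowed in a file name on this OS, plus '%' (the escape marker)
    $unsafe = [System.IO.Path]::GetInvalidFileNameChars() + [char]'%'
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $RoleName.ToCharArray()) {
        if ($unsafe -ccontains $ch) { [void]$sb.AppendFormat('%{0:X4}', [int]$ch) }
        else { [void]$sb.Append($ch) }
    }
    $sb.ToString() + '.role'
}

function ConvertFrom-RoleFileName {
    param([Parameter(Mandatory)][string]$FileName)
    # Reverse the %XXXX escapes to recover the exact role name for a later import
    $base = [System.IO.Path]::GetFileNameWithoutExtension($FileName)
    [regex]::Replace($base, '%([0-9A-F]{4})', {
        param($m) [string][char][Convert]::ToInt32($m.Groups[1].Value, 16)
    })
}

function Resolve-RoleExportPath {
    param([Parameter(Mandatory)][string]$Directory,
          [Parameter(Mandatory)][string]$RoleName)
    $root = [System.IO.Path]::GetFullPath($Directory)
    $leaf = ConvertTo-RoleFileName -RoleName $RoleName
    $full = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($root, $leaf))
    # Refuse any result that is not a direct child of the export folder
    $parent = [System.IO.Path]::GetDirectoryName($full)
    if ($parent.TrimEnd('\') -ne $root.TrimEnd('\')) {
        throw "Role '$RoleName' resolves outside '$root'"
    }
    $full
}

# Constructed role names; the second is the one from the reader's error output
'Backup Operators', 'VSC Scan/Migrate', 'Team\Ops', '100% custom' | ForEach-Object {
    $path = Resolve-RoleExportPath -Directory 'C:\temp' -RoleName $_
    [pscustomobject]@{
        Role      = $_
        File      = Split-Path -Path $path -Leaf
        RoundTrip = (ConvertFrom-RoleFileName -FileName $path) -ceq $_
    }
}
```

When writing the file, pass the returned path to Out-File with -LiteralPath so that square brackets in a role name are taken literally.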
what if I just want to import on vc role and not the entire list? I was browsing thru the script to see where I can identify this, but couldn't locate it. Well, at least the section I thought was relevant, wasn't correct.
Thanks in advance for your help!
Great Post!