[Script] Migrate Roles/Privileges to new vCenter

I recently created a PowerShell script which allows you to copy/migrate your roles and privileges from one vCenter to another.

Make sure the credentials used to log in to the vCenter are allowed to create and modify roles.

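To set up PowerShell for the VMware commands:

  • Install-Module -Name VMware.PowerCLI -Scope CurrentUser
  • Set-PowerCLIConfiguration -Scope AllUsers -ParticipateInCeip $false -InvalidCertificateAction Ignore

Note that -InvalidCertificateAction Ignore makes PowerCLI connect without validating the vCenter certificate. If the client already trusts your vCenter certificates, leave that parameter out.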

The script will ask for the FQDN and credentials of both the source and the target vCenter. It then lists all roles from the source vCenter by name and asks which role to migrate. After successful creation it starts over, so there is no need to restart the script.

Don’t forget to review the VMware Best Practices for Roles and Permissions.

Use this script at your own risk! Make sure to back up your system beforehand!

# Define source and target vCenter for migration
$SourceVC = Read-Host -Prompt 'Enter Source vCenter FQDN: '
$TargetVC = Read-Host -Prompt 'Enter Target vCenter FQDN: '

# Allow multiple vCenter connections
Set-PowerCLIConfiguration -DefaultVIServerMode multiple -Confirm:$false

# Connect to both vCenters (prompts for credentials)
Connect-VIServer -Server $SourceVC
Connect-VIServer -Server $TargetVC

# List roles from source vCenter
Get-VIRole -Server $SourceVC | Format-List Name

# Select role to migrate
$RoleMigrateQuestion = 'Do you want to migrate one of the listed vCenter roles? [Y/N]: '
do {
    $response = Read-Host -Prompt $RoleMigrateQuestion
    if ($response -eq 'y') {
        $RoleName = Read-Host -Prompt 'Which role to migrate? [Rolename]: '

        # Role privileges, read from the source vCenter only
        # (with DefaultVIServerMode multiple, a lookup without -Server runs against both vCenters)
        $RolePriv = Get-VIPrivilege -Role (Get-VIRole -Name $RoleName -Server $SourceVC) | ForEach-Object { $_.Id }

        # Create role in target vCenter and keep the returned role object
        $NewRole = New-VIRole -Name $RoleName -Server $TargetVC

        # Copy the same privileges to the newly created role on the target vCenter
        $RolePriv | ForEach-Object { Set-VIRole -Role $NewRole -AddPrivilege (Get-VIPrivilege -Id $_ -Server $TargetVC) }
        Write-Host 'Migration of Role succeeded!' -ForegroundColor Yellow
    }

# Quit query
} until ($response -eq 'n')
Write-Host '---------------------------------------------------------------' -ForegroundColor Yellow
Write-Host 'Do not forget to define role to object and propagate if needed!' -ForegroundColor Yellow
Write-Host '---------------------------------------------------------------' -ForegroundColor Yellow
Disconnect-VIServer -Server $SourceVC, $TargetVC
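
The script prints its success message even when a privilege ID from the source cannot be found on the target, so a check after each migration is useful. The following is an added example, not part of the original script: Compare-RolePrivilege is a hypothetical helper name and the sample privilege lists are constructed.

```powershell
# Added example: report privilege differences between a source role and its migrated copy.
function Compare-RolePrivilege {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$SourcePrivilege,
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$TargetPrivilege
    )
    # -notin compares case-insensitively; Sort-Object -Unique removes duplicates
    $missing = @($SourcePrivilege | Sort-Object -Unique | Where-Object { $_ -notin $TargetPrivilege })
    $extra   = @($TargetPrivilege | Sort-Object -Unique | Where-Object { $_ -notin $SourcePrivilege })
    [pscustomobject]@{
        Match           = ($missing.Count -eq 0 -and $extra.Count -eq 0)
        MissingOnTarget = $missing
        ExtraOnTarget   = $extra
    }
}

# Constructed sample data: the last source ID stands in for a privilege
# that is not registered on the target vCenter.
$sampleSource = 'System.Anonymous', 'System.Read', 'System.View',
                'VirtualMachine.Interact.PowerOn', 'Example.Plugin.Manage'
$sampleTarget = 'System.Anonymous', 'System.Read', 'System.View',
                'VirtualMachine.Interact.PowerOn'

$result = Compare-RolePrivilege -SourcePrivilege $sampleSource -TargetPrivilege $sampleTarget
if (-not $result.Match) {
    Write-Warning ("Missing on target: " + ($result.MissingOnTarget -join ', '))
}

# Against live vCenters, while both connections are open and $RoleName is set:
# $src = @(Get-VIPrivilege -Role (Get-VIRole -Name $RoleName -Server $SourceVC) | ForEach-Object Id)
# $dst = @(Get-VIPrivilege -Role (Get-VIRole -Name $RoleName -Server $TargetVC) | ForEach-Object Id)
# Compare-RolePrivilege -SourcePrivilege $src -TargetPrivilege $dst
```

An entry in ExtraOnTarget means the target role grants something the source role did not, which is worth reviewing before the role is assigned to any object.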
