Clone roles between two virtual center servers


So I wanted to make a copy of a role that exists in vc1 and have it in vc2.
Basically you can just open two vSphere clients, one to vc1 and the other to vc2, and select each privilege in this role in the second window (click, click, click…). Yeah, if you have 1 role to copy, with a very small number of privileges, then it is not such an issue. But what if you have more?
OK, let’s start from the beginning.

Situation:
VC1 ---|
.      |
.    RoleA

VC2 ---|
.      |
.    RoleA

We want to copy RoleA from VC1 to VC2.
First check whether your PowerCLI runs in multi VC mode.

PowerCLI C:\> Get-PowerCLIConfiguration

Proxy Policy    Default Server
                Mode
------------    ---------------
UseSystemProxy  Multiple

If not, set the default server mode to Multiple.

Set-PowerCLIConfiguration -DefaultVIServerMode multiple -Confirm:$false

Once this is set you can connect to multiple VC servers. Since -Server accepts an array, we can do:

Connect-viserver -server "VC1","VC2" -credential (get-credential)

The role that will be cloned is named RoleA in VC1. Let’s view it:

Get-VIrole -Name "RoleA" -Server VC1 | fl *

We can see its Description, Name, Id and, most important for us, PrivilegeList.
Let’s store the privilege list for RoleA from VC1. We will store those privilege IDs as strings in a string array.

[string[]]$privsforRoleAfromVC1=Get-VIPrivilege -Role (Get-VIRole -Name "RoleA" -server VC1) |%{$_.id}

Once we have the privilege IDs, we can create a blank role in VC2.

New-VIRole -name "RoleA" -Server VC2

We will now populate privileges in our empty RoleA within VC2:

Set-VIRole -role (get-virole -Name "RoleA" -Server VC2) -AddPrivilege (get-viprivilege -id $privsforRoleAfromVC1 -server VC2)

If everything went fine we should now have a 1:1 copy of our RoleA. Let’s check it:

(Get-VIRole -Name RoleA -Server VC1).PrivilegeList.Count
(Get-VIRole -Name RoleA -Server VC2).PrivilegeList.Count

If you don’t want to use the additional variable that holds the privileges, you can put it all in one line:

Set-VIRole -role (get-virole -Name "RoleA" -Server VC2) -AddPrivilege (get-viprivilege -id (Get-VIPrivilege -Role (Get-VIRole -Name "RoleA" -server VC1) |%{$_.id}) -server VC2)
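
The count check above only shows that both roles hold the same number of privileges. As an added example (not part of the original post), the function below compares the privilege IDs themselves in both directions. The name Compare-VIRolePrivilege and the result property names are hypothetical, and it assumes the VC1/VC2 session from the steps above.

```powershell
# Added example (not from the original post). Assumes the multi-server
# session to VC1 and VC2 opened with Connect-VIServer above.
function Compare-VIRolePrivilege {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$RoleName,
        [Parameter(Mandatory)][string]$SourceServer,
        [Parameter(Mandatory)][string]$TargetServer
    )

    $src = Get-VIRole -Name $RoleName -Server $SourceServer -ErrorAction Stop
    $dst = Get-VIRole -Name $RoleName -Server $TargetServer -ErrorAction Stop

    # PrivilegeList holds the role's privilege IDs as strings.
    $srcIds = @($src.PrivilegeList | Sort-Object -Unique)
    $dstIds = @($dst.PrivilegeList | Sort-Object -Unique)

    # Privilege IDs the target vCenter defines at all (items, not groups).
    $known = @(Get-VIPrivilege -PrivilegeItem -Server $TargetServer |
               ForEach-Object { $_.Id })

    # Set difference in both directions; equal counts alone can hide a swap.
    $missing = @($srcIds | Where-Object { $_ -notin $dstIds })
    $extra   = @($dstIds | Where-Object { $_ -notin $srcIds })

    [pscustomobject]@{
        Role            = $RoleName
        SourceCount     = $srcIds.Count
        TargetCount     = $dstIds.Count
        Missing         = $missing   # in the VC1 role, absent from the clone
        Extra           = $extra     # in the clone only: privilege creep
        UnknownOnTarget = @($missing | Where-Object { $_ -notin $known })
        Match           = ($missing.Count -eq 0 -and $extra.Count -eq 0)
    }
}

$result = Compare-VIRolePrivilege -RoleName 'RoleA' -SourceServer 'VC1' -TargetServer 'VC2'
$result | Format-List
if (-not $result.Match) {
    Write-Warning "RoleA differs between VC1 and VC2; review Missing and Extra."
}
```

Entries under UnknownOnTarget are privilege IDs that VC2 does not define, which typically points to a version or plug-in difference between the two vCenter servers.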

That’s it 😉


9 thoughts on “Clone roles between two virtual center servers”

  1. Pingback: Migrating Roles & Privileges from an old vCenter to a new vCenter using PowerCLI « The Lowercase w
  2. Great, thanks!

    Only one typo / blog markup issue. After phrase “Let’s store the privilege list for this roleA from VC1. We will store those privileges ids as a string in string array”, right one PowerCLI string is:
    $privsforRoleAfromVC1=Get-VIPrivilege -Role (Get-VIRole -Name “RoleA” -server VC1) |%{$_.id}
