VMware PowerCLI
The Best User Interface for your VMware Datacenter!
The Best User Interface for your VMware Datacenter!
The Best User Interface for your VMware Datacenter!
Today, vCenter SSO operations can not be Automated through PowerCLI, it would be very useful to expose a module that would provide such capabilities. Below are several articles outline use cases that rely on a CLI that resides on the vCenter Server and ideally, this functionality can be remotely called via an API that PowerCLI can consume
http://www.virtuallyghetto.com/2015/05/vcenter-server-6-0-tidbits-part-9-creating-managing-sso-users-using-dir-cli.html
William Lam
Global permission is not in the SsoAdmin domain. There is a PowerShell Module that covers the global permissions
https://www.powershellgallery.com/packages/VIPerms/0.0.6
Hi Sourav,
Please add this as a feature request in the github repo. We would like to keep all feature requests for this module in one place.
Would it be possible to add Global Permissions management capability to this module? That would probably be a useful part of SSO user management.
Is it possible to add an active directory server with specific domain controllers with this module? I don't see anything about passing SSL certs in the parameters, which are required for ldaps://
We have developed an open source module to allow managing SSO Admin functionality. It's available at: https://github.com/vmware/PowerCLI-Example-Scripts/tree/master/Modules/VMware.vSphere.SsoAdmin
https://github.com/vmware/PowerCLI-Example-Scripts/pull/386
Feel free to jump in and comment.
Hi everybody,
If you have to set priorities to which SsoAdmin features should be available in PowerShell choosing from below list what are the most needed:
-PasswordPolicy: Get/Set
-ExternalDomain: Add/Get
-LocalOSDomain: Add/Get
-LocalUser: Get/New/Remove
-LocalUserPassword: Reset
-SolutionUser: Get/New/Remove
-GroupManagement:
-Cert Managment: New/Get/Delete-Certificate, TrustedCertificate, KnownCertificateChains, New-SignerIdentity
-ClockTolerance: Get/Set-ClockTolerance
-STS Settings: DelegationCount, RenewCount, HoKLifetime, BearerTokenLifetime
This is what I've been looking for, really meaningful
This is the last piece missing for standing up an ENTERPRISE ready virtual datacenter fully automated.
This would be a huge improvement for deployments, configuration management, and compliance auditing. It astounds me that this has not been an option.
If I could upvote this 1,000 times, I would. I could hack this in 6.5 by pulling over a couple of .sh files from a 6.0 install, but it's just not possible so far as I can tell in 6.7. So much for being able to automate an entire deploy.
This would be really useful. I'm in the process of automating a vSphere installation with PowerCLI and this is the one big piece missing...
This is actually a big deal, as for things like the vSphere STIG... DISA has a lot of SSO-centric things that can't be automated today... I broke it down on my github repo for doing STIG things: https://github.com/stvkpln/vsphere-stig-powercli