Change vCenter Role for a list of VMs
Use case: An existing Active Directory group needs to be re-assigned a different Role with more restrictive permissions on a given list of VMs.
Assumption: New (restricted) role has already been created in vCenter. This is to quickly update the list of VMs with an existing Role.
$ADGroup = 'DOMAIN\ADM-VMManagers' $NewRole = "VMManagers-RestrictedRole" # Change this variable to the local path to your text list of VMs $serverList = Get-Content e:\Powershell\RestrictedRoleVMs-list.txt foreach ($vmName in $serverList) { New-VIPermission -Entity $vmName -Principal $ADGroup -Role $NewRole -Propagate:$false -Confirm:$false }
To get a list of inventory objects with the new Role assigned:
Get-VIPermission | where { $_.Role -eq 'VMManagers-RestrictedRole' } | Select entity, role, principal