Clone roles between two virtual center servers

by Grzegorz Kulikowski

So I wanted to make a copy of a role that is in vc1. I wanted to have it in vc2.
Basically you can just open two vSphere clients, one to vc1 and the other to vc2, and select each privilege that is in this role and select it in the second window (click, click, click…). Yeah, if you have 1 role to copy, with a very small number of privileges, then it is not such an issue. But what if you have more?
OK, let’s start from the beginning.
[sourcecode language="powershell"]
Situation:
VC1 —|
. |
. RoleA

VC2 —|
. |
. RoleA
[/sourcecode]
We want to copy roleA from VC1 to VC2.
First check whether your PowerCLI runs in multi VC mode.
[sourcecode language="powershell"]
PowerCLI C:\> Get-PowerCLIConfiguration

Proxy Policy    Default Server Mode
------------    -------------------
UseSystemProxy  Multiple
[/sourcecode]
If not, set the default server mode to Multiple.
[sourcecode language="powershell"]
Set-PowerCLIConfiguration -DefaultVIServerMode multiple -Confirm:$false
[/sourcecode]

Once this is set, you can connect to multiple VC servers. Since -Server accepts an array, we can do:
[sourcecode language="powershell"]
Connect-viserver -server "VC1","VC2" -credential (get-credential)
[/sourcecode]
The role that will be cloned is named RoleA within VC1. Let’s view it:
[sourcecode language="powershell"]
Get-VIrole -Name "RoleA" -Server VC1 | fl *
[/sourcecode]
We can see its Description, Name, ID and, most important for us, PrivilegeList.
Let’s store the privilege list for this roleA from VC1. We will store those privilege IDs as strings in a string array.
[sourcecode language="powershell"]
[string[]]$privsforRoleAfromVC1=Get-VIPrivilege -Role (Get-VIRole -Name "RoleA" -server VC1) |%{$_.id}
[/sourcecode]
Once we have the privilege IDs, we can create a blank role in VC2.
[sourcecode language="powershell"]
New-VIRole -name "RoleA" -Server VC2
[/sourcecode]
We will now populate privileges in our empty RoleA within VC2:
[sourcecode language="powershell"]
Set-VIRole -role (get-virole -Name "RoleA" -Server VC2) -AddPrivilege (get-viprivilege -id $privsforRoleAfromVC1 -server VC2)
[/sourcecode]
If everything went fine, we should now have a 1:1 copy of our RoleA. Let’s check it:
[sourcecode language="powershell"]
(Get-VIRole -Name RoleA -Server VC1).PrivilegeList.Count
(Get-VIRole -Name RoleA -Server VC2).PrivilegeList.Count
[/sourcecode]
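Two roles can hold the same number of privileges and still differ, so a set comparison of the privilege IDs is a stricter check than comparing counts. The following is an added example, not code from the original post: `Compare-RolePrivilege` is a hypothetical helper name, and the two privilege lists are constructed samples so the block runs without a vCenter connection.

```powershell
# Added example, not code from the original post.
# Compare-RolePrivilege is a hypothetical helper name.
function Compare-RolePrivilege {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$Source,
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$Target
    )
    # De-duplicate; Sort-Object -Unique and -notcontains are case-insensitive.
    $src = @($Source | Sort-Object -Unique)
    $tgt = @($Target | Sort-Object -Unique)

    # Privileges the source role has that the clone lacks (incomplete copy).
    $missing = @($src | Where-Object { $tgt -notcontains $_ })
    # Privileges the clone has that the source never granted (over-privileged).
    $extra = @($tgt | Where-Object { $src -notcontains $_ })

    [pscustomobject]@{
        SourceCount     = $src.Count
        TargetCount     = $tgt.Count
        Identical       = ($missing.Count -eq 0 -and $extra.Count -eq 0)
        MissingOnTarget = $missing
        ExtraOnTarget   = $extra
    }
}

# Constructed sample lists. Against live servers, pass instead:
#   (Get-VIRole -Name "RoleA" -Server VC1).PrivilegeList
#   (Get-VIRole -Name "RoleA" -Server VC2).PrivilegeList
$vc1Privs = @('System.Anonymous', 'System.Read', 'System.View',
              'VirtualMachine.Interact.PowerOn', 'Datastore.Browse')
$vc2Privs = @('System.Anonymous', 'System.Read', 'System.View',
              'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff')

# Both sample lists have the same count, yet the roles are not identical.
$result = Compare-RolePrivilege -Source $vc1Privs -Target $vc2Privs
$result | Format-List

if (-not $result.Identical) {
    Write-Warning "RoleA differs between VC1 and VC2; review before assigning it."
}
```

An entry in `ExtraOnTarget` means the clone grants more than the source role did, which matters for least privilege; an entry in `MissingOnTarget` means the copy is incomplete.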
If you don’t want to use the additional variable that holds the privileges, you can put it all directly in one line:
[sourcecode language="powershell"]
Set-VIRole -role (get-virole -Name "RoleA" -Server VC2) -AddPrivilege (get-viprivilege -id (Get-VIPrivilege -Role (Get-VIRole -Name "RoleA" -server VC1) |%{$_.id}) -server VC2)
[/sourcecode]
That’s it 😉

10 comments

OA October 1, 2013 - 3:52 pm

Great script and explanation!!! Thanks a lot!!!

iwk October 22, 2013 - 3:32 pm

Thanks, it helped. My first touch with PowerCLI saved me much time.

Franky March 6, 2014 - 7:09 pm

that’s not working with the parameter -id

knofiller April 18, 2014 - 2:47 am

Thanks a lot. It works on vCenter 5.5 U1

Eugene August 6, 2014 - 7:42 pm

There are so many complicated scripts. This one is simple and works great.

John David Dove January 16, 2015 - 4:30 am

great explanations here.. thanks for the write up.

Richard Powers (@TheStig) July 30, 2015 - 11:06 pm

Thanks for posting this. Worked well and gave me good practical examples.
Thanks
-Richpo

Migrating Roles & Privileges from an old vCenter to a new vCenter using PowerCLI « The Lowercase w November 6, 2015 - 8:15 pm

[…] I came across this CLONE ROLES BETWEEN TWO VIRTUAL CENTER SERVERS blog post by Grzegorz Kulikowski which talked about how to do the export/import using the […]

Alex July 5, 2017 - 9:32 am

Great, thanks!

Only one typo / blog markup issue. After the phrase “Let’s store the privilege list for this roleA from VC1. We will store those privileges ids as a string in string array”, the right PowerCLI string is:
$privsforRoleAfromVC1=Get-VIPrivilege -Role (Get-VIRole -Name "RoleA" -server VC1) |%{$_.id}

pitbullrotorcraft.com May 16, 2018 - 9:10 pm

I get pleasure from, result in I found exactly what I was looking for.
You have ended my 4 day lengthy hunt! God Bless you man. Have a great day.
Bye
