How to replace permissions in a vCenter after Group deletion
Every company has re-orgs, and sometimes the AD administrators delete the old group before you can update your permission sets in vCenter Server.
So I wrote a small script that helped me get the old permissions and assign them to the new group.
After that it will remove the old group's permissions from the vCenter.
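# Connect to the vCenter Server
$vmCreds = Get-Credential
$VIServers = "vcenter.benslab.net"
Connect-VIServer -Server $VIServers -Credential $vmCreds

# Wildcard pattern for the deleted group, and the group that takes over its permissions
$oldGroupName = "*NoLongerExsistingGroup*"
$newGroupName = "Group"
$newGroup = Get-VIAccount -Group $newGroupName -Domain "AD.BENS.SYSTEMS"

# Collect every permission still assigned to the old group
$UserbasedPerms = Get-VIPermission | Where-Object { $_.Principal -like $oldGroupName }

# Re-create each permission for the new group, keeping the original propagation
# setting so the new group does not get broader access than the old one had
foreach ($entityRole in $UserbasedPerms) {
    New-VIPermission -Entity $entityRole.Entity -Principal $newGroup -Role $entityRole.Role -Propagate $entityRole.Propagate
}

# Print both counts for comparison, then remove the old group's permissions
$GroupbasedPerms = Get-VIPermission -Principal $newGroup
$UserbasedPerms.Count
$GroupbasedPerms.Count
Remove-VIPermission -Permission $UserbasedPerms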
The script can also be found on my GitLab instance.
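The script prints two counts before removing the old permissions, which cannot show whether a specific entry was missed or copied with a different propagation setting. The following is an added example, not part of the original script: a per-entry check that matches on entity, role and propagation flag. The function name Get-UnmigratedPermission and the sample objects are hypothetical; the sample data is constructed to stand in for Get-VIPermission output.

```powershell
# Added example: report old-group permissions that have no exact
# counterpart (same entity, role and propagation) on the new group.
function Get-UnmigratedPermission {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $OldPermission,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $NewPermission
    )
    # Index the new group's permissions by entity, role and propagation flag.
    $seen = @{}
    foreach ($p in $NewPermission) {
        $seen["$($p.EntityId)|$($p.Role)|$($p.Propagate)"] = $true
    }
    # Emit every old permission without a matching entry.
    foreach ($p in $OldPermission) {
        if (-not $seen.ContainsKey("$($p.EntityId)|$($p.Role)|$($p.Propagate)")) { $p }
    }
}

# Constructed sample data (not real inventory) shaped like permission objects.
$old = @(
    [pscustomobject]@{ EntityId = 'Folder-group-v101';       Role = 'VirtualMachinePowerUser'; Propagate = $true;  Principal = 'AD\OldGroup' }
    [pscustomobject]@{ EntityId = 'Datacenter-datacenter-2'; Role = 'ReadOnly';                Propagate = $false; Principal = 'AD\OldGroup' }
)
$new = @(
    [pscustomobject]@{ EntityId = 'Folder-group-v101';       Role = 'VirtualMachinePowerUser'; Propagate = $true;  Principal = 'AD\Group' }
    # Same entity and role, but propagation was switched on: broader than the original.
    [pscustomobject]@{ EntityId = 'Datacenter-datacenter-2'; Role = 'ReadOnly';                Propagate = $true;  Principal = 'AD\Group' }
)

$missing = @(Get-UnmigratedPermission -OldPermission $old -NewPermission $new)
if ($missing.Count -eq 0) {
    'Every old permission has an exact match on the new group.'
} else {
    # Keep the old permissions in place until these entries are resolved.
    $missing | Format-Table EntityId, Role, Propagate, Principal
}
```

Against a live vCenter, pass $UserbasedPerms and $GroupbasedPerms in place of the sample arrays and run Remove-VIPermission only when nothing is returned.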