Scripting Short: Replace Group Permissions

During a an internal restructuring I needed to replace one AD group with a new one, and keep the existing permissions.

During a an internal restructuring  I needed to replace one AD group with a new one, and keep the existing permissions.

As the old group was no longer available in the AD, I needed to get the permissions from the currently stored permissions.

$vmCreds = Get-Credential
$VIServers = "vcenter.benslab.net"
Connect-VIServer -Server $VIServers -Credential $vmCreds
$oldGroupName = "*NoLongerExsistingGroup*"
$newGroupName = "Group"
$newGroup = Get-VIAccount -Group $newGroupName -Domain "AD.BENS.SYSTEMS"
$UserbasedPerms = Get-VIPermission | Where { $_.Principal -like $oldGroupName}
foreach ($entityRole in $UserbasedPerms) {
    New-VIPermission -Entity $entityRole.Entity -Principal $newGroup -Role $entityRole.Role -Propagate $true
}
$GroupbasedPerms = Get-VIPermission -Principal $newGroup
$UserbasedPerms.Count
$GroupbasedPerms.Count
Remove-VIPermission -Permission $UserbasedPerms

I hope this script helps you all.

Subscribe to Ben writes about VMs

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe