1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
<#
.SYNOPSIS
Sets the password for the given account across one or more VMware hosts.
.EXAMPLE
.\Set-VMHostAccountPassword.ps1 -VMHost "host1","host2","host3" -Credential (Get-Credential)
Get prompted for all credential information so it is not on the command line.
.EXAMPLE
"host1","host2","host3" | .\Set-VMHostAccountPassword.ps1 -Credential (Get-Credential)
Use pipelining.
.EXAMPLE
.\Set-VMHostAccountPassword.ps1 -Credential $myCred -accountName root -newPassword Secret123 -VMHost "host1","host2","host3" -testConnection
Specify everything on the command line.
#>
PARAM
(
[parameter(Mandatory=$true,
ValueFromPipeline=$true,
HelpMessage="An array of VM host names.")]
[String[]]$VMHost,
[parameter(Mandatory=$false,
HelpMessage="The credential used to connect to the host.")]
[System.Management.Automation.PSCredential]$credential,
[parameter(Mandatory=$false,
HelpMessage="The account whose password will be changed.")]
[String]$accountName,
[parameter(Mandatory=$false,
HelpMessage="The new password for the account.")]
[String]$newPassword,
[parameter(Mandatory=$false,
HelpMessage="Do a post-change connection test to validate the password.")]
[switch]$testConnection
)
BEGIN
{
# Provide param prompting. This is a workaround for the multiple prompting that
# happens if this were done in the PARAM block.
if (!$credential)
{
$myCredential = Get-Credential
}
else
{
$myCredential = $credential
}
if (!$accountName)
{
$myAccountName = Read-Host "Account to change:"
}
else
{
$myAccountName = $accountName
}
if (!$newPassword)
{
$myNewPassword = Read-Host "New password:"
}
else
{
$myNewPassword = $newPassword
}
}
PROCESS
{
foreach ($h in $VMHost)
{
"Changing the password for {0} on {1}." -f $myAccountName, $h
$connection = Connect-VIServer -Server $h -Credential $myCredential -ErrorAction SilentlyContinue
if (!$connection)
{
"ERROR: Unable to connect to {0} to change the password." -f $h
continue
}
# Do the actual work of changing the password.
$accountError = $false
$account = Get-VMHostAccount $myAccountName -ErrorAction SilentlyContinue
if (!$account)
{
"ERROR: The account {0} on {1} could not be found." -f $myAccountName, $h
$accountError = $true
}
else
{
$account = $account | Set-VMHostAccount -Password $myNewPassword -ErrorAction SilentlyContinue
if (!$account)
{
"ERROR: The password for account {0} on {1} could not be set." -f $myAccountName, $h
$accountError = $true
}
}
Disconnect-VIServer $connection -Confirm:$false
# If there was a problem with the account, move to the next host.
if ($accountError)
{
continue
}
# Test the connection using the new password if requested.
if ($testConnection)
{
"Testing the password for {0} on {1}." -f $myAccountName, $h
$connection = Connect-VIServer -Server $h -User $myAccountName -Password $myNewPassword -ErrorAction SilentlyContinue
if (!$connection)
{
Write-Error ("Unable to verify the password for {0} on {1}." -f $myAccountName, $h)
continue
}
"Password changed for {0} on {1}." -f $myAccountName, $h
Disconnect-VIServer $connection -Confirm:$false
}
}
}
|