VMWare ESXi/vCenter Roles and Permissions Import/Export Script

Here are two PowerCLI scripts I wrote for ESXi/vCenter.  First, you needed to export all the roles and permissions from one server.

1.  You must use the Connect-VIServer command-let to connect to the appropriate server first.

2.  Run the following script

“” > “C:\roles.txt”
$arrCustomRoles = Get-VIRole | Where-Object {-not $_.IsSystem}
ForEach ($objRole in $arrCustomRoles)
{
$arrRolePermissions = Get-VIPrivilege -Role $objRole
“Role`t” + $objRole.Name >> “C:\roles.txt”
ForEach ($objPermission in $arrRolePermissions)
{
“Priv`t” + $objPermission.ID >> “C:\roles.txt”
}
}

This will export all roles and permissions from the specified server to a text file on the root of C:\

3.  Use the Connect-VIServer command-let to connect to the server that will receive the import.

4.  Run the following script to import the roles and permissions to the new server.

$arrFileContents = Get-Content -path “C:\roles.txt”
ForEach ($strLine in $arrFileContents)
{
If ($strLine.contains(“Role`t”))
{
$strRoleName = $strLine.Split(“`t”)[1]
$objRole = New-VIRole -Privilege $readOnlyPrivileges -Name $strRoleName
}
If ($strLine.contains(“Priv`t”))
{
$strPrivName = $strline.Split(“`t”)[1]
$objPriv = Get-VIPrivilege -ID $strPrivName
$objToNull = Set-VIRole –Role $strRoleName –AddPrivilege $objPriv
}
}

5.  Sit back and take credit for all of my hard work 🙂

**These scripts are not cross version compatible.  For instance they will not export from ESXi version 5.0 to 5.1**