VMware PowerCLI Reset ESXI Host Root Password Script

Here is another useful PowerCli Script for VMware Administrator, especially during the time when organization required change all system accounts’ passwords – change password 60-90 days policy.

We all know it is a pain logging into ESXI Remote Console individually and setting the root password via ILO/DRAC/KVM (HP, Dell, and UCS)

So why not leaverage PowerCLI script to make things easier. For example, setting ESXI root password from powercli script.

I. Prerequisites

a. VMware Powercli 5 or 6  and  Existing ESXI Root Password,

b. Rest_esxi_root_password.ps1 and esxserver.txt script files. : Click below image to view what are the script files names:

scriptfiles

b. Edit esxserver.txt and add list of ESXI Host FQDN or IP Addresses in the esxserver.txt: Click below image to view the syntax of ESXI host list within the esxserver.txt

hostlist

III. Reset ESXI Root Password Code:

###########################################################################
# This script changes the root password on all ESX hosts in the esxservers.txt textfile
# Get old root credential
$oldrootPassword = Read-Host “Enter old root password” -AsSecureString
$oldrootCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist “root”,$oldrootPassword
# Get new root credential
$newrootPassword = Read-Host “Enter new root password” -AsSecureString
$newrootCredential = new-object -typename System.Management.Automation.PSCredential -argumentlist “root”,$newrootPassword
$newrootPassword2 = Read-Host “Retype new root password” -AsSecureString
$newrootCredential2 = new-object -typename System.Management.Automation.PSCredential -argumentlist “root”,$newrootPassword2
# Compare passwords
If ($newrootCredential.GetNetworkCredential().Password -ceq $newrootCredential2.GetNetworkCredential().Password) {
    # Create new root account object
$rootaccount = New-Object VMware.Vim.HostPosixAccountSpec
$rootaccount.id = “root”
$rootaccount.password = $newrootCredential.GetNetworkCredential().Password
$rootaccount.shellAccess = “/bin/bash”
    # Get list of Host servers from textfile to change root password on
Get-Content C:\scripts\esxservers.txt | %{
Connect-VIServer $_ -User root -Password $oldrootCredential.GetNetworkCredential().Password -ErrorAction SilentlyContinue -ErrorVariable ConnectError | Out-Null
If ($ConnectError -ne $Null) {
Write-Host “ERROR: Failed to connect to ESX server:” $_
}
Else {
$si = Get-View ServiceInstance
$acctMgr = Get-View -Id $si.content.accountManager
$acctMgr.UpdateUser($rootaccount)
Write-Host “Root password successfully changed on” $_
Disconnect-VIServer -Confirm:$False | Out-Null
}
}
}
Else {
Write-Host “ERROR: New root passwords do not match. Exiting…”
}

###############################################################################

III. Download ESXI Root Password.

[embeddoc url=”http://blog.itsysintegration.net/wp-content/uploads/2015/11/Reset_esxi_root_password.zip” download=”all”]

III. Step by Step Illustration.

a. Launch PowerCli -as – Run As Administrator.

openpowercli

b. Copy Reset_esxi_root_password.zip (download link above) and extra it on local machine.

*Please note, No need to type  Connect-VIServer, to log into ESXI or Vcenter,  the script will take host list and old password to authenticate in the systems, it is part of the  PowerCLI script .

logintopowercli

 

c.  Edit and save, the esxserver.text with ESXI host(s) you will be reset root password. (please note you must know the orginal root password to proceed to be successfully with Root Password set script. )

 

editesxihostlist

 d.Execute the Reset_esxi_root_password.ps1 >  .\Reset_esxi_root_password.ps1

runrootscript

 

e. You will get prompt to input old password.

promptoldpw

f. Then prompted for new password and confirm new password.

esxinewrootpw*Please note make sure the path to esxserver.txt is set correct.
By default it is set to c:script\esxserver.txt. Make sure it matches where both rest_esxi_root_password.ps1 and esxserver.txt is copied to local machine.
For example, here is the error message you will see:
Get-Content : Cannot find path ‘C:\scripts\esxservers.txt’ because it does not exist.
At C:\Users\richard\Desktop\Powercli\RootESXI\Reset_esxi_root_password.ps1:25 char:5
+     Get-Content C:\scripts\esxservers.txt | %{
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : ObjectNotFound: (C:\scripts\esxservers.txt:String) [Get-Content], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetContentCommand

 

*if the old password was not input correct- it will error out with below message.

ERROR: Failed to connect to ESX server: x.x.x.x.

esxirooterror

 

g. Successfully reset ESXI host root password prompt.

resetrootpassw

 

Reference:
1. Change ESXI Root Password 
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004659

2.PSCredential Class (System.Management.Automation
https://technet.microsoft.com/en-us/magazine/ff714574.aspx

 

 


Leave a Reply

Your email address will not be published. Required fields are marked *