Jump to content

VMWare ESX Password Reset Example


Recommended Posts

Step 1: Ensure you have prerequisites set up for your web server and hosts, as per this forum post (Once off process)

Step 2: Add new Password Record configured as follows:

 

Screen 1: Ensure you configure the below 5 options correctly and enter in the password for the account.  If you configure an Expiry Date it will automatically change the password when that date is reached.

2016-08-29_10-53-51.png

 

Screen 2:  Three are three options on this page to configure:

  • Confirm the Reset Linux Password reset script is selected 
  • Determine whether or not to use a Privileged Account and select the appropriate option. If you do not use a Privileged Account, Passwordstate will connect to the host using the account on the Password Details tab (which in this example is marlee), and perform the reset.  Otherwise it will connect to the host with the Privileged Account username and password, and then perform the reset for the user account (marlee)
  • Confirm the Password Reset Schedule is enabled if you want the password to automatically change when the Expiry Date occurs

 

2019-01-22_14-30-18.png

 

Screen 3: Confirm the Validate Password for Linux Account validation script is selected

 

2019-01-22_14-30-48.png

 

 

 

 

Link to post
Share on other sites
  • 1 year later...

I've developed a script, which uses PowerCLI/API (VMwares powershell-modules), instead of SSH. SSH is by default disabled on ESXi-hosts for security-reasons, and I want to keep it that way :) 

 

As mentioned needs PowerCLI installed on the server (Guide can be found here https://blogs.vmware.com/PowerCLI/2017/08/updating-powercli-powershell-gallery.html). No privileged account needed.

 

Function Set-ESXiPassword 
{
	[CmdletBinding()]
	param (
		[String]$HostName,
		[String]$UserName,
        		[String]$OldPassword,
		[String]$NewPassword
	)	
	try{
	    $conn=Connect-VIServer $HostName -User $UserName -Password $OldPassword
	} catch {
		switch -wildcard ($error[0].Exception.ToString().ToLower())
		{
		"*incorrect user*" { Write-Output "Incorrect username or password on host '$HostName'"; break}
		"*" {write-output $error[0].Exception.ToString().ToLower();break}
		}
	}
	try{
	    $change=Set-VMHostAccount -UserAccount $UserName -Password $NewPassword
	    Disconnect-Viserver * -confirm:$false
	} catch {
	
	  switch -wildcard ($error[0].Exception.ToString().ToLower())
		{
			"*not currently connected*" {Write-Output "It wasn't possible to connect to '$HostName'";break}
			"*weak password*" { Write-Output "Failed to execute script correctly against Host '$HostName' for the account '$UserName'. It appears the new password did not meet the password complexity requirements on the host."; break }
			"*" {write-output $error[0].Exception.ToString().ToLower();break}
			#Add other wildcard matches here as required
			default { Write-Output "Success" }
		}
	}
}

Set-ESXiPassword -HostName '[HostName]' -UserName '[UserName]' -OldPassword '[OldPassword]' -NewPassword '[NewPassword]' 

Regards

Stefan

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...