WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / Automation / Using PowerCLI to automate the retrieval of VCSA Password Policies

Using PowerCLI to automate the retrieval of VCSA Password Policies

02.06.2020 by William Lam // Leave a Comment

I hope that every vSphere administrator or operator by now is familiar with the extremely powerful vSphere Guest Operations API functionality (details here and here), which can easily be consumed using PowerCLI's Invoke-VMScript cmdlet. If not, highly recommend you check out the links referenced. I know the GuestOps API is certainly my top favorite with sending VM keystrokes capability a very close second!

Not only does the GuestOps API unlock functionality that simply may not be possible (e.g. there's no API or automation interface) but it also enables automation within a VM without requiring any type of remote management services enabled (e.g. SSH or WinRM) or even networking to the VM for that matter!

The reason I am bringing all this up is that although there is not an API for managing and retrieving vCenter Single Sign-On (SSO) configurations which includes password policies, there is a way in which customers can still automate and retrieve this and other information by leveraging the GuestOps API. In fact, back in 2015 I demonstrated on how you can retrieve VCSA SSO password policy and configurations and we can simply apply the GuestOps API to help us automate this task. In addition, most customers do not enable SSH by default and we can still apply the GuestOps API technique and perform automation tasks to VSCSA without requiring SSH as described in this blog post back in 2016.

With this context and putting this all together, I have created a simple PowerCLI module VCSA.psm1 which includes a function called Get-VCSAPasswordPolicy which will retrieve BOTH the local OS (root) and SSO password policy configuration given a VCSA VM and its respective credentials.

Step 1 - Import the PowerCLI module

Import-Module ./VCSA.psm1

Step 2 - Run the Get-VCSAPasswordPolicy providing the name of the VCSA VM, the root password (needed to authenticate into the VM via GuestOps API) and then SSO Domain and password to perform the actual query of the SSO configurations

Get-VCSAPasswordPolicy -VCSAName "MGMT-VCSA-01" -VCSARootPassword "VMware1!" -SSODomain "vsphere.local" -SSOPassword "VMware1!"


Hopefully you can see why I am such a huge fan of the GuestOps API and what it can enable, even for things that may not be possible out of the box 🙂

More from my site

  • vCenter Server 6.0 Tidbits Part 10: Automating SSO Admin configurations
  • Handy VCSA (vCenter Server Appliance) Operational KB Resources
  • Automating VCSA 5.5 Configurations including SSO Administrator password
  • Can you really deploy the vCenter Server Appliance (VCSA) without DNS and NTP?
  • Using PowerCLI to automate the retrieval of VCSA Identity Sources

Categories // Automation, VCSA Tags // expiry, sso, vcenter server appliance, VCSA

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • VMware Flings is now available in Free Downloads of Broadcom Support Portal (BSP) 05/19/2025
  • VMUG Connect 2025 - Minimal VMware Cloud Foundation (VCF) 5.x in a Box  05/15/2025
  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...