How to create a new vCenter local account using the VCSA CLI

This article shows how to create an SSO user account from an SSH session on the VCSA with the dir-cli utility. With dir-cli you can create and manage SSO users within the Platform Services Controller (PSC).

The dir-cli utility allows you to create and update solution users, create other user accounts, and manage certificates and passwords in vmdir. Use this utility together with vecs-cli and certool to manage your certificate infrastructure.

Prerequisites:

SSH root access to the VCSA appliance and the SSO Administrator password.

How to create a new vCenter local account using the CLI?

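1. Log in to VCSA 6.5 as root over an SSH session.
2. You will get a command prompt.

3. Create a new user account in SSO using dir-cli. A password passed with --user-password on the command line is recorded in the shell history and is visible in the process list while the command runs.

root@gopal [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli user create --account gopal --first-name gopal --last-name krishna --user-password 'AllowMe@123'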

Enter password for [email protected]:
User account [gopal] created successfully

4. Add the user to the Administrators group or to your custom group.

root@gopal [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli group modify --name Administrators --add gopal

Enter password for [email protected]:
Account [gopal] added to group [Administrators]
Group member [gopal] added successfully

5. List the members of the Administrators group.

root@gopal [ ~ ]# /usr/lib/vmware-vmafd/bin/dir-cli group list --name Administrators
Enter password for [email protected]:
cn=Administrator,cn=Users,dc=vsphere,dc=local
CN=machine-xxxxxx-18f4-4a97-bdf0-df9adc8f9458,CN=ServicePrincipals,DC=vsphere,DC=local
CN=vsphere-webclient-xxxxxx-18f4-4a97-bdf0-df9adc8f9458,CN=ServicePrincipals,DC=vsphere,DC=local
CN=gopal krishnan,cn=users,dc=vsphere,dc=local

6. You are done. Access the vSphere Web Client portal using the new credentials.
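
The membership listing from step 5 can be checked against an approved list of administrators. The script below is an added example, not part of the original article: the function names and the allowlist are hypothetical, the sample input is copied from the step 5 output, and it assumes no CN contains a comma.

```shell
#!/bin/sh
# Added example (not from the original article): flag unexpected members of
# the SSO Administrators group from `dir-cli group list` output.

# Sample listing copied from step 5 above.
sample_listing() {
cat <<'EOF'
Enter password for [email protected]:
cn=Administrator,cn=Users,dc=vsphere,dc=local
CN=machine-xxxxxx-18f4-4a97-bdf0-df9adc8f9458,CN=ServicePrincipals,DC=vsphere,DC=local
CN=vsphere-webclient-xxxxxx-18f4-4a97-bdf0-df9adc8f9458,CN=ServicePrincipals,DC=vsphere,DC=local
CN=gopal krishnan,cn=users,dc=vsphere,dc=local
EOF
}

# unexpected_admins ALLOWLIST   (hypothetical helper)
# Reads a group listing on stdin and prints the CN of every member in the
# Users container whose name is not in the comma-separated ALLOWLIST.
# Matching is case-insensitive. Assumption: no CN contains a comma.
unexpected_admins() {
    awk -v allow="$1" '
    BEGIN {
        n = split(tolower(allow), names, ",")
        for (i = 1; i <= n; i++) approved[names[i]] = 1
    }
    {
        line = $0
        sub(/\r$/, "", line)
        if (tolower(line) !~ /^cn=/) next       # skip prompts and blank lines
        if (split(line, rdn, ",") < 2) next
        if (tolower(rdn[2]) != "cn=users") next # solution users are not people
        cn = substr(rdn[1], 4)
        key = tolower(cn)
        if (!(key in approved)) print cn
    }'
}

# Stand-alone run on the sample; on the appliance, pipe the real command:
#   /usr/lib/vmware-vmafd/bin/dir-cli group list --name Administrators | unexpected_admins "Administrator"
sample_listing | unexpected_admins "Administrator"   # prints: gopal krishnan
```

Any name it prints is a person-type account in Administrators that is not on the approved list and should be traced back to a change request.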

There is another way to get the list of local user accounts in the vCenter Server Appliance.

You can see the list of the local user accounts so that you can decide which user account to manage from the appliance shell.

1. Access the appliance shell and log in as a user who has a super administrator role. The default user with a super administrator role is root.
Command> localaccounts.user.list
Config:
  1:
      Username: root
      Status: enabled
      Role: superAdmin
      Passwordstatus: valid
      Fullname: root
      Email: ''
Command>

You can see a list of the local users. The information about a user includes the user name, status, role, status of the password, full name, and email.

Creating the appliance management account.

Command> localaccounts.user.add --role operator --username gopal --password
Enter password:
Reenter password:
Command>
Command> localaccounts.user.list
Config:
  1:
      Username: root
      Status: enabled
      Role: superAdmin
      Passwordstatus: valid
      Fullname: root
      Email: ''

 2:
      Username: gopal
      Status: enabled
      Role: operator
      Passwordstatus: valid
      Fullname: gopal krishnan
      Email: '
root@gopal [ ~ ]#