
Add-vCenterGlobalPermission - When "localdomain" is passed, function should not expect domainBindUser and domainBindPass. #371

Closed
1 of 4 tasks
slakshmanan2706 opened this issue Oct 9, 2023 · 1 comment · Fixed by #372
Labels
bug Bug

Comments

@slakshmanan2706
Contributor

Code of Conduct

  • I have read and agree to the Code of Conduct.
  • Vote on this issue by adding a 👍 reaction to the original issue initial description to help the maintainers prioritize.
  • Do not leave "+1" or other comments that do not add relevant information or questions.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

VMware Cloud Foundation

5.0

Module Version

2.7.0.1013

PowerShell Version

7.3.7

PowerCLI Version

13.1

PowerVCF Version

2.3.0.1004

Guest Operating System

Windows Server 2019

Environment Details

No response

Description

Parameters "-domainBindUser" and "-domainBindPass" are not mandatory for Add-vCenterGlobalPermission function when "-localdomain" is passed.

elseif ($type -eq "user") {
    if (!$localDomain) {
        $objectCheck = (Get-ADUser -Server $domain -Credential $domainCreds -Filter { SamAccountName -eq $principal })
        $principal = $domain.ToUpper() + "\" + $principal
    } else {
        $principal = $domain.ToUpper() + "\" + $principal
        $objectCheck = (Get-VIAccount -User -Domain $domain -server $vcfVcenterDetails.fqdn | Where-Object { $_.Name -eq $principal })
    }

$domainCreds is not required when localdomain is passed. If AD is not integrated with VC, user can still use localdomain which doesn't require those parameters.

Also, update example

Add-vCenterGlobalPermission -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -sddcDomain sfo-m01 -domain vsphere.local -domainBindUser administrator -domainBindPass VMw@re1! -principal svc-sfo-m01-nsx01-sfo-m01-vc01 -role "NSX to vSphere Integration" -propagate true -type user -localdomain
This example adds the user svc-sfo-m01-nsx01-sfo-m01-vc01@vsphere.local from the vCenter Single Sign-on domain vsphere.local to Global Permissions with the "NSX to vSphere Integration" role for vCenter Server instances in the same vCenter Single Sign-On domain as management domain sfo-m01.

Error or Debug Output

no error

Expected Behavior

When "localdomain" is passed, function should not expect domainBindUser and domainBindPass.

Actual Behavior

When "localdomain" is passed, function is expecting domainBindUser and domainBindPass parameters.

Steps to Reproduce

$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "administrator@vsphere.local"
$sddcManagerPass = "VMw@re123!"

$sddcDomainName = "sfo-w01"
$domainFqdn = "vsphere.local"

$vcdrServiceAccount = "test1-svc-vcdr-vsphere"
$vcdrServiceAccountPass = "VMw@re1!"

$vcdrRole = "Admin"

Create a local user using the below cmd and assign admin to the user. Here localdomain is used and invalid domainBindUser/pass are given. Function is not considering those parameters when localdomain is given. So make it an optional parameter.

Add-SsoUser -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -ssoUser $vcdrServiceAccount -ssoPass $vcdrServiceAccountPass

Adding New Single Sign-On User to vCenter Server (sfo-m01-vc01) named (test1-svc-vcdr-vsphere): SUCCESSFUL

PS F:\platformtools> Add-vCenterGlobalPermission -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -sddcDomain $sddcDomainName -domain $domainFqdn -principal $vcdrServiceAccount -role $vcdrRole -propagate true -type user -localdomain -domainBindUser "invalid" -domainBindPass "invalid"
Adding Global Permissions for user (VSPHERE.LOCAL\test1-svc-vcdr-vsphere) with role (Admin) in vCenter Server (sfo-w01-vc01) and vCenter Single Sign-On domain (vsphere.local): SUCCESSFUL

Log Fragments and Files

No response

Screenshots

No response

References

No response
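
One way to express the behaviour requested above with PowerShell parameter sets, as an added example that is not the module's code and not the change merged for this issue. The function name Test-BindParameterDemo and the principal svc-demo are hypothetical; the parameter names follow the issue text.

```powershell
# Added illustration: bind credentials are mandatory for Active Directory lookups
# and are not accepted at all when -localDomain is used.
function Test-BindParameterDemo {
    [CmdletBinding(DefaultParameterSetName = 'ActiveDirectory')]
    param (
        [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [String]$domain,
        [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [String]$principal,
        [Parameter(Mandatory = $true)] [ValidateSet('group', 'user')] [String]$type,

        # Bind credentials exist only in the Active Directory parameter set.
        [Parameter(Mandatory = $true, ParameterSetName = 'ActiveDirectory')]
        [ValidateNotNullOrEmpty()] [String]$domainBindUser,
        [Parameter(Mandatory = $true, ParameterSetName = 'ActiveDirectory')]
        [ValidateNotNullOrEmpty()] [String]$domainBindPass,

        # The switch selects the vCenter Single Sign-On set, which has no bind parameters.
        [Parameter(Mandatory = $true, ParameterSetName = 'LocalDomain')]
        [Switch]$localDomain
    )

    $result = [ordered]@{
        ParameterSet = $PSCmdlet.ParameterSetName
        Principal    = $domain.ToUpper() + '\' + $principal
        Lookup       = $null
    }
    if ($PSCmdlet.ParameterSetName -eq 'ActiveDirectory') {
        # Only this branch ever builds a credential object.
        $securePass = ConvertTo-SecureString -String $domainBindPass -AsPlainText -Force
        $domainCreds = New-Object System.Management.Automation.PSCredential ($domainBindUser, $securePass)
        $result.Lookup = "Get-ADUser as $($domainCreds.UserName)"
    } else {
        $result.Lookup = 'Get-VIAccount (no bind credentials)'
    }
    [PSCustomObject]$result
}

# Local domain: binds and runs without any bind credentials.
Test-BindParameterDemo -domain vsphere.local -principal svc-demo -type user -localDomain

# Local domain plus bind credentials: rejected at parameter binding instead of silently ignored.
try {
    Test-BindParameterDemo -domain vsphere.local -principal svc-demo -type user -localDomain `
        -domainBindUser 'invalid' -domainBindPass 'invalid'
} catch {
    "Rejected: $($_.Exception.Message)"
}
```

With this layout a caller who has no Active Directory integration never has to supply a placeholder password, and a mismatched combination fails before any lookup runs.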

@slakshmanan2706 slakshmanan2706 added bug Bug needs-triage Needs Triage labels Oct 9, 2023
@github-actions github-actions bot added the pending-review Pending Review label Oct 9, 2023
tenthirtyam pushed a commit that referenced this issue Oct 10, 2023
Ref: #371

Signed-off-by: Lakshmanan Shanmugam <lshanmugam@vmware.com>

I'm going to lock this issue because it has been closed for 30 days. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 10, 2023
@tenthirtyam tenthirtyam removed needs-triage Needs Triage pending-review Pending Review labels Feb 1, 2024