Often there are issues in environments where ESXi passwords are forgotten. The only options to recover are using Host profile or Re-Installation. If host profile feature is not available , I have come up this function in PowerCli which is combined with EsxCli. To make use of this function there are some prerequisites. 1. We should be connected to vCenter in PowerCLI, below is the command to connect to vCenter. Connect-VIServer vcentername -User username -Password password123 2. You should be using the PowerCli 6.3 or later version.Below is the command to check the PowerCli version. Get-PowerCLIVersion 3.Password length should be more than 7 characters to 40 characters.Please refer below link for Password policy. https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-DC96FFDB-F5F2-43EC-8C73-05ACDAE6BE43.html
function Set-VMHostPassword
{
<#
.NOTES
===========================================================================
Created by: Ankush Sethi
Blog: www.vmwarecode.com
===========================================================================
.SYNOPSIS
Recover the ESXI root/other user's Password
.DESCRIPTION
Function will recover the esxi root password using PowerCli
.PARAMETER VMHost
Enter the esxi Hotsname for which we need to recover the password.
.PARAMETER UserName
Enter the username of esxi host.
.PARAMETER Password
Enter the new password for esxi host.
.EXAMPLE
example 1>Set-VMHostPassword -VMHost (Get-VMHost homelab.vmwarecode.com) -UserName root -Password VMware123! `
example 2>Get-VMHost Homelab.vmwarecode.com|Set-VMHostPassword -UserName root -Password VMware123!
#>
param(
[Parameter(Mandatory=$true,ValueFromPipeline=$true)]
[VMware.VimAutomation.ViCore.Impl.V1.VIObjectImpl]$VMHost,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]
[String[]]$UserName,
[Parameter(Mandatory=$true)]
[ValidateNotNullOrEmpty()]$Password
)
process {
try
{
$validation1=Get-VMHost $VMHost -ErrorAction Stop
}
catch
{
Write-Error -Message "Please check the host is part of connected vCenter or not and try again" -ErrorAction Stop
}
If(($validation1.ConnectionState -eq "Connected") -or ( $validation1.ConnectionState -eq "Maintenance"))
{
$esxcli=Get-EsxCli -VMHost $VMHost -V2
$IDList=$esxcli.system.account.list.invoke().UserID
If(($IDList -contains $UserName) -ne $true){Write-Error -Message "Entered Username does not exist in esxi userid list" -ErrorAction stop}
}
else
{
Write-Error -Message "ESXI is not connected or maintenance mode to perform the action" -ErrorAction Stop
}
$argu=$esxcli.system.account.set.CreateArgs()
$argu.id=$UserName
$argu.password=$Password
$argu.passwordconfirmation=$Password
$output=$esxcli.system.account.set.invoke($argu)
}
end{
If($output -eq $true)
{
Get-VIEvent -Entity (Get-VMHost $VMHost) -MaxSamples 1|?{$_.fullformattedmessage -match "Password"}|select UserLogin,Createdtime,Username,Fullformattedmessage|ft -AutoSize
$hostd=Get-Log -Key hostd -VMHost (Get-VMHost $VMHost)
$hostd.Entries|Select-String "Password was changed for account" |select -Last 1
}
}
}
Sample usage of function: With hostname from pipeline.
Get-VMHost EsxiName|Set-VMHostPassword -UserName root -Password Password123!
Sample usage of function: With all arguments defined
Set-VMHostPassword -VMHost (Get-VMHost ESXIName) -UserName root -Password Password123!
Output: Once password is change it will display the events from event log and Hostd logs.
How to use the Function
- Copy the code from above and paste it into Notepad.
- Save it with anyname with extension of .ps1
- Open the PowerCli and to go the directory where it is saved using cd command
- Run the command . .\FileName.ps1 (Note :There is a space between 2 dots.)
- Function is loaded in local session of PowerCli and you are good to use this as cmdlet.
VMwareCode 
13 responses to “Changing ESXI host’s forgotten root password using PowerCli”
Hi Ankush, with your help I am able to reset the ESXi password without painful, Thank you very much for your support.
LikeLike
Thank you ….
LikeLike
Awesome script..thanks a lot.
LikeLike
What an awesome function Ankush, made the job of resetting root an multiple esx hosts a breeze!! Thank you
LikeLike
What an awesome function Ankush, made the job of resetting root an multiple esx hosts a breeze!! Thank you
LikeLike
[…] found this post online which serves the purpose but wanted to add little magic to […]
LikeLike
Excellent article,worked without moving vms or rebooting host.
Thanks to Ankush for this magnificent creation.
LikeLike
Thank you mate this is a life saver at times….
LikeLike
PS /root> Set-VMHostPassword -VMHost (Get-VMHost psz-esxi-mid.psz.corp.pegatron) -UserName root -Password xxxxxxxxx
InvalidOperation: /root/test.ps1:44
Line |
44 | $IDList=$esxcli.system.account.list.invoke().UserID
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| You cannot call a method on a null-valued expression.
Set-VMHostPassword: Entered Username does not exist in esxi userid list
esxi version 5.5
How to fixed it ?
LikeLike
Hi Ankush, very usefull function. Thank You.
one question. how can i use it against multiple hosts,
Exmample: a csv file with list of esxi hosts or all the esxi hosts in the vcenter.
LikeLike
It depends on requirement , whether all esxi we want to set same password or not
If we want to set same password for all then we could run this in for loop , if we need to set different password for each host then we need to take route of CSV
LikeLike
Get-VMHost | foreach { Set-VMHostPassword -VMHost $_.name -UserName root -Password Password123!
Would this change all esxi hosts at one command without putting host names from CSV ?
LikeLike
Thank you Ankush, a must have powercli’s function!
LikeLike