Changing ESXi host’s forgotten root password using PowerCLI

Often there are issues in environments where ESXi passwords are forgotten.
The only options to recover are using a host profile or re-installation.
If the host profile feature is not available, I have come up with this function in PowerCLI, which is combined with ESXCLI.

To make use of this function there are some prerequisites.

1. We should be connected to vCenter in PowerCLI. Below is the command to connect to vCenter.
   Connect-VIServer vcentername -User username -Password password123
2. You should be using PowerCLI 6.3 or a later version. Below is the command to check the PowerCLI version.
   Get-PowerCLIVersion
3. The password length should be more than 7 characters, up to 40 characters. Please refer to the link below for the password policy.
   https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-DC96FFDB-F5F2-43EC-8C73-05ACDAE6BE43.html

function Set-VMHostPassword
{
    <#
    .NOTES
    ===========================================================================
    Created by: Ankush Sethi
    Blog:       www.vmwarecode.com
    ===========================================================================
    .SYNOPSIS
    Recover the ESXi root/other user's password
    .DESCRIPTION
    Function will recover the ESXi root password using PowerCLI
    .PARAMETER VMHost
    Enter the ESXi hostname for which we need to recover the password.
    .PARAMETER UserName
    Enter the username of the ESXi host.
    .PARAMETER Password
    Enter the new password for the ESXi host.
    .EXAMPLE
    Set-VMHostPassword -VMHost (Get-VMHost homelab.vmwarecode.com) -UserName root -Password VMware123!
    .EXAMPLE
    Get-VMHost Homelab.vmwarecode.com|Set-VMHostPassword -UserName root -Password VMware123!
    #>
    param(
        [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
        [VMware.VimAutomation.ViCore.Impl.V1.VIObjectImpl]$VMHost,
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        # A single account name; the function changes one account per call.
        [String]$UserName,
        [Parameter(Mandatory=$true)]
        [ValidateNotNullOrEmpty()]
        [String]$Password
    )
    process {
        # The host must be known to the connected vCenter.
        try
        {
            $validation1=Get-VMHost $VMHost -ErrorAction Stop
        }
        catch
        {
            Write-Error -Message "Please check whether the host is part of the connected vCenter and try again" -ErrorAction Stop
        }
        # Continue only if the host is connected or in maintenance mode.
        If(($validation1.ConnectionState -eq "Connected") -or ($validation1.ConnectionState -eq "Maintenance"))
        {
            $esxcli=Get-EsxCli -VMHost $VMHost -V2
            # The account must already exist on the host.
            $IDList=$esxcli.system.account.list.invoke().UserID
            If($IDList -notcontains $UserName){Write-Error -Message "Entered username does not exist in the ESXi user ID list" -ErrorAction Stop}
        }
        else
        {
            Write-Error -Message "ESXi host must be connected or in maintenance mode to perform the action" -ErrorAction Stop
        }
        # Build the arguments for "esxcli system account set" and apply the new password.
        $argu=$esxcli.system.account.set.CreateArgs()
        $argu.id=$UserName
        $argu.password=$Password
        $argu.passwordconfirmation=$Password
        $output=$esxcli.system.account.set.invoke($argu)

        # Report inside process so that every host received from the pipeline is covered.
        If($output -eq $true)
        {
            # Latest vCenter event for the host, shown if it mentions the password.
            Get-VIEvent -Entity (Get-VMHost $VMHost) -MaxSamples 1|Where-Object {$_.FullFormattedMessage -match "Password"}|Select-Object UserLogin,CreatedTime,UserName,FullFormattedMessage|Format-Table -AutoSize
            # Most recent hostd log entry that records the password change.
            $hostd=Get-Log -Key hostd -VMHost (Get-VMHost $VMHost)
            $hostd.Entries|Select-String "Password was changed for account"|Select-Object -Last 1
        }
    }
}

Sample usage of function: With hostname from pipeline.

Get-VMHost EsxiName|Set-VMHostPassword -UserName root -Password Password123!

Sample usage of function: With all arguments defined

Set-VMHostPassword -VMHost (Get-VMHost ESXIName) -UserName root -Password Password123!

Output: Once the password is changed, it will display the events from the event log and hostd logs.

How to use the Function

  1. Copy the code from above and paste it into Notepad.
  2. Save it with any name and the extension .ps1.
  3. Open PowerCLI and go to the directory where it is saved using the cd command.
  4. Run the command . .\FileName.ps1 (Note: there is a space between the 2 dots.)
  5. The function is loaded in the local PowerCLI session and you are good to use it as a cmdlet.
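
The sample commands above pass the new password as a command-line argument, which PowerShell records in its history file and in transcripts. The wrapper below is an added example, not part of the original function: it reads the password from a hidden prompt, applies the length rule from prerequisite 3, calls Set-VMHostPassword, and then checks the result by logging in to the host directly. The name Set-VMHostPasswordFromPrompt and its parameters are assumptions made for this example; it expects Set-VMHostPassword to be loaded and a vCenter connection to exist.

```powershell
# Added example: hypothetical wrapper, not part of the original post.
function Set-VMHostPasswordFromPrompt
{
    param(
        [Parameter(Mandatory=$true)]
        [String]$VMHostName,
        [String]$UserName = 'root'
    )

    # Hidden prompts keep the new password out of the command line,
    # the PSReadLine history file and Start-Transcript output.
    $secure  = Read-Host -Prompt "New password for $UserName on $VMHostName" -AsSecureString
    $confirm = Read-Host -Prompt "Confirm new password" -AsSecureString
    $cred    = New-Object System.Management.Automation.PSCredential($UserName, $secure)
    $check   = New-Object System.Management.Automation.PSCredential($UserName, $confirm)
    $plain   = $cred.GetNetworkCredential().Password

    if ($plain -cne $check.GetNetworkCredential().Password)
    {
        Write-Error -Message "The two passwords entered do not match" -ErrorAction Stop
    }
    # Length rule from prerequisite 3: more than 7 and up to 40 characters.
    if ($plain.Length -le 7 -or $plain.Length -gt 40)
    {
        Write-Error -Message "Password must be more than 7 and at most 40 characters long" -ErrorAction Stop
    }

    # esxcli needs the password as a plain string, so it is converted here,
    # inside the session, rather than typed as an argument.
    Get-VMHost -Name $VMHostName -ErrorAction Stop |
        Set-VMHostPassword -UserName $UserName -Password $plain

    # Verify by logging in to the host itself with the new credential.
    # -NotDefault keeps the vCenter connection as the default server.
    try
    {
        $direct = Connect-VIServer -Server $VMHostName -Credential $cred -NotDefault -ErrorAction Stop
        Disconnect-VIServer -Server $direct -Confirm:$false
        Write-Output "Verified: $UserName can log in to $VMHostName with the new password"
    }
    catch
    {
        # Assumed causes: lockdown mode, an untrusted certificate, or a rejected password.
        Write-Warning "Direct login to $VMHostName failed: $($_.Exception.Message)"
    }
}
```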
