PowerCli: bulk change ESXi root passwords with vCenter

sometimes you have to change the root password for all ESXi hosts.
You can use the PowerCLI Set-VMHostAccount cmdlet. But this requires you to connect to each individual ESXi host, it cannot be run when connected to the vCenter server.

So, I’ve created a (rather small) script which changes the root passwords for all (or a subset) of the ESXi hosts, which are connected to a vCenter server.

$cred = Get-Credential -UserName "root" -message "Enter new ESXi root password"
$vmhosts = get-vmhost | Out-GridView -PassThru -Title "Select ESXi hosts for changing the root password"
Foreach ($vmhost in $vmhosts) {
    $esxcli = get-esxcli -vmhost $vmhost -v2 
    $esxcli.system.account.set.Invoke(@{id=$cred.UserName;password=$cred.GetNetworkCredential().Password;passwordconfirmation=$cred.GetNetworkCredential().Password})
}

This script request you to enter the new root password.
Then it request you to make a selection of ESXi hosts which from which the root password must be changed.
After you’ve pressed OK, a few moments (seconds) later, the root passwords have been changed for the selected ESXi hosts.

Please be aware that this script does not connect to the vCenter itself, it requires you to execute the connect-viserver cmdlet yourself.

Please leave a comment if you think this script is useful!

10 Comments

  1. […] a particular problem, a repeating problem: problems that need to be resolved multiple times on different objects. And yes, scripting are ideal for those situations.I still see a lot of admins stay away from […]

    Reply
  2. Houssem DGHAIES
    July 13, 2020

    Works ! thank you very much

    Reply
  3. Scott
    January 25, 2021

    Get-EsxCli : A parameter cannot be found that matches parameter name ‘v2’.
    At U:\Nutanix\Esxi_host_swd_Chg.ps1:10 char:42
    + $esxcli = get-esxcli -vmhost $vmhost -v2
    + ~~~
    + CategoryInfo : InvalidArgument: (:) [Get-EsxCli], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetEsxCli

    You cannot call a method on a null-valued expression.
    At U:\Nutanix\Esxi_host_swd_Chg.ps1:11 char:5
    + $esxcli.system.account.set.Invoke(@{id=$cred.UserName;password=$cred.GetNetw …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    Reply
    1. vVikingNL
      January 25, 2021

      Which version of PowerCLI are you using?

      Reply
  4. Scott Grey
    April 5, 2021

    This is most excellent – I have an environment with many unknown root passwords Luckily they are all in vcenter.
    This script has allowed me to commonize the root password so we can in the future randomize them.

    Reply
  5. Pradeep Adapa
    October 6, 2022

    Does this work with esxi 7.0 U3d hosts?

    Reply
    1. admin
      October 6, 2022

      Yup, it should work (as the commands have not been changed).

      Reply
  6. nohackmove
    March 23, 2023

    Thanks for the script, it worked.
    Is there also a way to get an output to csv or xlsx format for successful and unseuccessful hosts list?
    I just see several rows written TRUE.

    Reply
    1. admin
      March 25, 2023

      try something like this:
      $results = @()
      $cred = Get-Credential -UserName “root” -message “Enter new ESXi root password”
      $vmhosts = get-vmhost | Out-GridView -PassThru -Title “Select ESXi hosts for changing the root password”
      Foreach ($vmhost in $vmhosts) {
      $esxcli = get-esxcli -vmhost $vmhost -v2
      $output = $esxcli.system.account.set.Invoke(@{id=$cred.UserName;password=$cred.GetNetworkCredential().Password;passwordconfirmation=$cred.GetNetworkCredential().Password})
      $results += [pscustomobject]@{
      vmhost = $vmhost.name
      output = $output
      }
      }
      $results | out-gridview

      Reply
  7. Guest
    August 14, 2023

    Good script. Just avoid using “&” symbol in new passwords and it will work fine.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top