PowerCLI: bulk change ESXi root passwords with vCenter

Sometimes you have to change the root password on all ESXi hosts.
You can use the PowerCLI Set-VMHostAccount cmdlet, but this requires you to connect to each individual ESXi host; it cannot be run while connected to the vCenter server.

So I’ve created a (rather small) script which changes the root password on all (or a subset) of the ESXi hosts that are connected to a vCenter server.

# Prompt for the new root password (kept in a PSCredential object)
$cred = Get-Credential -UserName "root" -Message "Enter new ESXi root password"
# Pick the target hosts from the inventory of the connected vCenter
$vmhosts = Get-VMHost | Out-GridView -PassThru -Title "Select ESXi hosts for changing the root password"
foreach ($vmhost in $vmhosts) {
    # esxcli is reached through the vCenter session, no direct host login needed
    $esxcli = Get-EsxCli -VMHost $vmhost.Name -V2
    $esxcli.system.account.set.Invoke(@{id=$cred.UserName;password=$cred.GetNetworkCredential().Password;passwordconfirmation=$cred.GetNetworkCredential().Password})
}

This script asks you to enter the new root password.
Then it asks you to select the ESXi hosts whose root password must be changed.
After you’ve pressed OK, a few moments (seconds) later the root passwords have been changed on the selected ESXi hosts.

Please be aware that this script does not connect to the vCenter itself; you have to execute the Connect-VIServer cmdlet yourself.
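
A variant of the script above with per-host error handling and a CSV report of which hosts were changed (an added example, not the author's script). The connection check, the pre-check for '&' (based on what commenters on this page report) and the report path are assumptions of this example.

```powershell
# Added example: expects an existing Connect-VIServer session to vCenter.
if (-not $global:DefaultVIServers) {
    throw "Not connected to vCenter. Run Connect-VIServer first."
}

$cred = Get-Credential -UserName "root" -Message "Enter new ESXi root password"
$newPassword = $cred.GetNetworkCredential().Password

# Assumption taken from the comments on this page: '&' in the password makes the call fail.
if ($newPassword.Contains('&')) {
    throw "Password contains '&'; choose a password without it."
}

$vmhosts = Get-VMHost | Out-GridView -PassThru -Title "Select ESXi hosts for changing the root password"

$results = foreach ($vmhost in $vmhosts) {
    $row = [pscustomobject]@{
        VMHost    = $vmhost.Name
        State     = $vmhost.ConnectionState
        Changed   = $false
        Error     = $null
        Timestamp = (Get-Date).ToString("s")
    }
    try {
        # -ErrorAction Stop turns a failed esxcli connection into a catchable error
        $esxcli = Get-EsxCli -VMHost $vmhost.Name -V2 -ErrorAction Stop
        $ret = $esxcli.system.account.set.Invoke(@{
            id                   = $cred.UserName
            password             = $newPassword
            passwordconfirmation = $newPassword
        })
        $row.Changed = ("$ret" -eq 'true')
    }
    catch {
        # Record the failure and continue with the next host
        $row.Error = $_.Exception.Message
    }
    $row
}

# The report holds host names and outcomes only, never the password
$reportPath = ".\esxi-root-password-change.csv"   # hypothetical path
$results | Export-Csv -Path $reportPath -NoTypeInformation
$results | Where-Object { -not $_.Changed } | Format-Table VMHost, State, Error -AutoSize

# Drop the plaintext copy of the password from the session
Remove-Variable newPassword, cred
```

Hosts listed in the final table still have their old root password and need to be retried or checked individually.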

Please leave a comment if you think this script is useful!

16 Comments

  1. […] a particular problem, a repeating problem: problems that need to be resolved multiple times on different objects. And yes, scripting is ideal for those situations. I still see a lot of admins stay away from […]

    Reply
  2. Houssem DGHAIES
    July 13, 2020

    Works ! thank you very much

    Reply
  3. Scott
    January 25, 2021

    Get-EsxCli : A parameter cannot be found that matches parameter name ‘v2’.
    At U:\Nutanix\Esxi_host_swd_Chg.ps1:10 char:42
    + $esxcli = get-esxcli -vmhost $vmhost -v2
    + ~~~
    + CategoryInfo : InvalidArgument: (:) [Get-EsxCli], ParameterBindingException
    + FullyQualifiedErrorId : NamedParameterNotFound,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetEsxCli

    You cannot call a method on a null-valued expression.
    At U:\Nutanix\Esxi_host_swd_Chg.ps1:11 char:5
    + $esxcli.system.account.set.Invoke(@{id=$cred.UserName;password=$cred.GetNetw …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    Reply
    1. vVikingNL
      January 25, 2021

      Which version of PowerCLI are you using?

      Reply
  4. Scott Grey
    April 5, 2021

    This is most excellent – I have an environment with many unknown root passwords. Luckily they are all in vCenter.
    This script has allowed me to commonize the root password so we can in the future randomize them.

    Reply
  5. Pradeep Adapa
    October 6, 2022

    Does this work with esxi 7.0 U3d hosts?

    Reply
    1. admin
      October 6, 2022

      Yup, it should work (as the commands have not been changed).

      Reply
  6. nohackmove
    March 23, 2023

    Thanks for the script, it worked.
    Is there also a way to get an output to csv or xlsx format for successful and unsuccessful hosts list?
    I just see several rows written TRUE.

    Reply
    1. admin
      March 25, 2023

      try something like this:
      $results = @()
      $cred = Get-Credential -UserName "root" -message "Enter new ESXi root password"
      $vmhosts = get-vmhost | Out-GridView -PassThru -Title "Select ESXi hosts for changing the root password"
      Foreach ($vmhost in $vmhosts) {
          $esxcli = get-esxcli -vmhost $vmhost -v2
          $output = $esxcli.system.account.set.Invoke(@{id=$cred.UserName;password=$cred.GetNetworkCredential().Password;passwordconfirmation=$cred.GetNetworkCredential().Password})
          $results += [pscustomobject]@{
              vmhost = $vmhost.name
              output = $output
          }
      }
      $results | out-gridview

      Reply
  7. Guest
    August 14, 2023

    Good script. Just avoid using “&” symbol in new passwords and it will work fine.

    Reply
  8. Dr Dre
    April 9, 2024

    the script works like a charm on all 36 hosts! thank you!

    Reply
  9. Matt
    July 25, 2024

    Love this. I had to change ‘$esxcli = get-esxcli -vmhost $vmhost -v2’ to ‘$esxcli = get-esxcli -vmhost $vmhost.Name -v2’ as the $vmhost spit out all host info so the $esxcli never really sees the hostname.

    Reply
    1. admin
      September 21, 2024

      Thanks! I have just modified the script for future usage.

      Reply
  10. Matt
    August 13, 2024

    This works on some of my hosts but others give me the following:
    $esxcli.system.account.set.Invoke(@{id=$cred.UserName;password=$c …
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | A specified parameter was not correct: argument[1]

    Reply
    1. admin
      September 21, 2024

      Have you found a solution?
      Maybe a non-compliant password -or- bad esxcli connection?

      Reply
  11. Avi
    October 3, 2024

    Password does not accept certain characters like &. The script works perfectly.

    Reply
