Home > Blogs > VMware PowerCLI Blog > Author Archives: Yasen Kalchev

Author Archives: Yasen Kalchev

Enhanced Support for Distributed Switches in PowerCLI 4.1.1

Support for managing distributed switches was initially introduced in PowerCLI 4.1. In PowerCLI 4.1.1,  we extend this functionality by making changes to the following cmdlets:

Returns both standard and distributed switches. You can filter the retrieved switches by their type.
Returns the virtual port groups of the specified standard and distributed switches.
You can retrieve the hosts that are connected to a specific distributed switch.
You can retrieve the virtual machines that are connected to a specific distributed switch.
You can retrieve the host network adapters that are connected to a specific distributed switch.
New-NetworkAdapter, Set-NetworkAdapter
You can attach network adapters to a specific Port Id of the distributed switch.


By using PowerCLI cmdlets, you can migrate virtual machines and hosts between distributed virtual switches, and also create various reports related to distributed switches.


To list all distributed switches available in the vCenter Server, you can just run the Get-VirtualSwitch cmdlet:

The port groups on the distributed switch are also easy to retrieve:

If you need to get the hosts connected to the distributed switch, just filter them by using the Get-VMHost cmdlet:

Even more, you can check which host network adapters are connected to a specific distributed switch:

To check which virtual machines are part of a distributed switch network, use the DistributedSwitch parameter of the Get-VM cmdlet:

Managing vSphere Permissions with PowerCLI

vCenter Server and ESX/ESXi hosts determine the level of access for the user by reading the permissions that are assigned to the user. The combination of user name, password, and permissions authorizes the user to perform activities on vSphere server objects.

PowerCLI 4.0 U1 introduced a full set of cmdlets for managing vSphere permissions:

Retrieves the permissions defined on the specified inventory objects
Creates new permissions on the specified inventory objects for the provided users and groups in the role.
Modifies the properties of the specified permissions.
Removes the specified permissions.
Retrieve the privilege groups and items for the provided servers.
Retrieves all roles defined on the provided servers.
Creates a new role on the specified servers and applies the provided privileges.
Modifies the privileges of the provided roles.
Removes the specified roles.

By using these cmdlets, you can fully automate the setup of vSphere permissions.

The example below shows a sample scenario how to create a custom role and set permissions to a user.

First, you can get the privileges of the read-only role. A role is a predefined set of privileges. Privileges define basic individual rights required to perform actions and read properties.

To create a new role with custom privileges, use New-VIRole.

You can check the list of roles on the server including newly created role:

If you want to add more privileges to the newly created role just use the Set-VIRole cmdlet:

The privileges on the updated role can be examined by using Get-VIPrivilege with the Role parameter:

We already have a custom created role, so we can grant a permission to a user. We’ll apply permissions to a vSphere root object and propagate them across the hierarchy:

Note that the Principal parameter supports local users and groups as well as domain users/groups if the vSphere server is joined in AD.

As you noticed, we’ve granted a read-only permission, so we need to update Role of the newly created permission with our custom role:

These are the simple steps how to create a new role and grant permissions to a user.

If you want to remove permission, you can just use the Remove-VIPermission cmdlet

and Remove-VIRole to remove your custom role: