Using PowerCLI to synchronize vCenter Notes with Active Directory description fields

Recently one of our awesome community members posed a question for a PowerCLI script to pull some information from Active Directory to update VMware vCenter guest attributes.

This is the fun of our scripting community because we can save a lot of time by asking the question among members and often they have saved some serious time by putting a script together already.

It is really great when I get to work among really great folks like the one and only @ExchangeGoddess who is a contributing author to the Petri IT Knowledgebase (http://www.petri.co.il/author/phoummala-schmitt) so this was particularly cool to be able to help out.

What are we trying to do?

Many admins who like to update our Active Directory computer objects with a description field so that we know exactly what our servers or workstations are used for. If you don’t already do this, I highly recommend it.

description-aduc

What we want to do is get this information into our vCenter guests though because that is where a significant amount of our administration happens. Once the object is created we don’t go back to Active Directory Users and Computers (ADUC) as much. This is where we can use our Annotations field in vCenter. As you can see, it starts off empty:

description-vcenter-empty

How will we do it?

Luckily the content that we are looking for is easily accessible from the properties of the guest objects in both AD and vCenter. We want to go through our vCenter to find VMs, then query Active Directory for the object. From there we query the AD object for a Description field and then feed that content back to the VM guest into the Notes area as the Description field there.

Let’s get to the script!

SPECIAL THANK YOU: Thanks to Stevo (see comments section) for adding to the script to fix up issues where I wasn’t clearing the variable which could cause some problems.

Our script is pretty simple, but has a few prerequisites needed in order to run. For our environment, we need:

Once we meet those needs, create a .PS1 file using the following code:

# Import the Active Directory module for Get-ADComputer CmdLet
Import-Module ActiveDirectory
# Connect to vCenter
Connect-VIServer YOURVCENTERSERVERHERE
# Pull your VMs into an array
$Guests = Get-VM
# Loop through the array to read the AD Description field to set the Annotation in vCenter
ForEach ($Guest in $Guests) {
# Clear the variable just in case there is no match. It may keep the previous value.
Clear-Variable Description
Clear-Variable ADComputer
  $ADComputer = Get-ADComputer “$Guest” -Properties Description
  $Description = $ADComputer.Description
  Set-VM -VM $Guest -Notes $Description -Confirm:$false
}

A quick note about this script is that it requires that your VM object name is the same as the computer name in Active Directory. Secondly, we are doing no error handling in the script, but if the machine isn’t found in AD it just errors out and moves to the next object.

Once we run the script, you can check your vCenter object on the Summary tab and as if by magic, there it is:

description-vcenter

So now that we have the script, we should take the next step and configure this process to run regularly. I’m all about automation wherever possible, and this is a perfect candidate for a batch process.

Running PowerCLI as a Scheduled Task

Because PowerCLI requires loading PowerShell with some environment wrapped around it we can’t just load the modules using Import-Module like we can with the RSAT extensions.

While I could write about how to do this, this is a great way to promote some more awesome content, so head on over to view Magnus Andersson’s post on doing just what we want to do: http://vcdx56.com/2013/03/27/schedule-powercli-script-in-windows-task-scheduler/

So now you will have a nightly load of your Active Directory computer object content into your vCenter. You can adjust the machines that are being queried in the vCenter environment by adding some parameters to your Get-VM query. It’s just that easy 🙂

Thanks to Phoummala for the inspiration, and to Magnus (@magander3) for the great post on Windows Scheduled Tasks using PowerCLI. I hope that you all find this helpful!

 

13 thoughts on “Using PowerCLI to synchronize vCenter Notes with Active Directory description fields”

  1. Very interesting article. I went ahead with the intention of doing this at work, unfortunately we cannot install AD Web Services on any of our DC’s due to security concerns. Is there a way around this with some inventive scripting? 🙂

    Reply
    • You will only need to be running the PowerCLI and the RSAT (Remote Server Administration Tools) from a member server or workstation to run this. Luckily the AD DC doesn’t need to perform the task so you can keep it more lean without batches and tasks there.

      Reply
  2. Thanks for the quick reply. I’ve tried this on a member server and a workstation with RSAT and powercli installed. They both come back with the error

    “WARNING: Error initializing default drive: ‘Unable to find a default server with Active Directory Web Services running.'”

    It sounds like it’s a prerequisite to use the initial “Import-Module ActiveDirectory” command?

    Maybe I’m missing something, this isn’t my field of expertise 😉

    Thanks

    Reply
    • That will be a limitation based on running the 2003 forest. I should have added that these are CmdLets that run against 2008/2008R2/2012 but I didn’t test against a 2003 domain. Thanks for the heads up on this issue!

      Reply
  3. Just to add to what I already typed, I’ve since forced my member server to point to a new 2008 DC using the ‘nltest’ command. The commands then work OK 🙂 One small issue with copying your script……

    $ADComputer = Get-ADComputer “$Guest” – Properties Description

    The ‘ – ‘ next to properties has a space in it, on my particular configuration it doesn’t like that, it’s needs to be ‘-propertines’. Maybe that will help someone.

    Thanks again, I had a good/geeky time looking through this as a powershell newbie 😉

    Reply
  4. I just got back around to testing this script again in our environment. Unfortunately if the script cannot find a server matching the name of the VM it just seems to assign a description to it by the next nearest match. Is there any way to make the script bypass any VM that it doesn’t find a match for?

    Ultimately I intend to run this against our vCenter server with over 2000 VM’s across multiple domains……should be interesting!

    Reply
    • I’ve added a line to set the value to blank first. I also fixed the space between the dash and the Properties parameter. Thanks for your help in building this up 🙂

      Reply
  5. Hi Eric, thanks again for you help with this. Unfortunately I still get the same issue where VM’s with no hit in AD get a description from another server. I tried to use “clear-variable Description” as an alternative way to clear the variable, but I get the same result. Any ideas? 🙂

    Reply
  6. I think I figured it out……..we also need to clear the ADComputer variable…

    ForEach ($Guest in $Guests) {
    # Clear the variable just in case there is no match. It may keep the previous value.
    clear-variable Description
    clear-variable ADComputer
      $ADComputer = Get-ADComputer “$Guest” –Properties Description
      $Description = $ADComputer.Description
      Set-VM -VM $Guest -Notes $Description -Confirm:$false

    }

    Reply
    • I also added a thank you in the post. If you have a Twitter handle or blog where you want me to send folks to see your stuff I’d gladly add that in there too. Thanks!

      Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.