Creating Users and Groups on a ESXi 5 Host

by admin

There are a number of ways to create users and groups on a ESXi host. The most familiar way is to use the vSphere client. You do this by connecting the client directly to a host, rather than to vCenter, then browse to the Local Users and Groups tab:


To create a new user you can right click anywhere in this screen, then click ‘Add’. You will see the following screen:


You can enter a login name and a password and select whether shell access is required. UID and username are optional – these will be generated if you choose not to specify anything. You can also select the group membership. By default the new user will be added to the Users group, if no other group is selected.

You can also create groups in the same way, after switching to the groups view:


Note: Groups have been depreciated in ESXi 5.1 onwards.

Creating ESXi Users with the CLI or vMA

You can also create/add new users and groups on an ESXi host using the CLI or vMA. For example, from the vMA, you can run the following command to create a new user.

vi-admin@vma:~[esxi1.vmlab.loc]> vicfg-user -e user -o add -l testuser
Enter password for the user:
Enter password for the user again:
Created user testuser successfully.

We can verify it has been created by running the following, to list the users on the host:

vi-admin@vma:~[esxi1.vmlab.loc]> vicfg-user -e user  -o list
Principal -: testuser
Full Name -: ESXi User
UID -: 1003
Shell Access -:1

There are a number of other options you can use with vicfg-user including removing users, creating and removing groups and adding users to groups. You can also reset users passwords and associate users with roles. For example, to assign the new ‘testuser’ the admin role, you can run:

vi-admin@vma:~[esxi1.vmlab.loc]> vicfg-user -e user -o modify -l testuser -r admin
Updated user testuser successfully.
Assigned the role admin

All available options can be viewed by running:

vicfg-user --help

Creating Users and Groups using PowerCLI

You can also use PowerCLI to create users and groups using the New-VMHostAccount cmdlet:

PowerCLI C:\> New-VMHostAccount -Id TestUser2 -Password Pa55w0rd -Description "Test User"

Name                 Domain               Description
----                 ------               -----------
TestUser2                                 Test User

Roles and Permissions

Once you have created your local accounts, by which ever method you choose, you will need to associate the account with a role in order for it to be able to perform tasks on the host. This is done through the Roles pane in the vSphere client, (though, as shown earlier, you can also use the CLI):


As shown above, there are three built-in roles: No Access, Read-Only and Administrator. These roles can be cloned and modified, or new ones can be created, to allow for more granular control:


Once you have created your users and roles, you can then use them to assign permissions to objects on the host:


Useful Links and Resources

Keep up to date with new posts on - Follow us on Twitter:
Be Sociable, Share!

Leave a Comment


Previous post:

Next post: