So you can easily add users with useradd command we talked about. But there’s still a problem, you can’t add user-roles to the user you’re creating. You still need the VirtualCenter client to do that. My colleague Horst Mundt read my post and was so kind to email me a powershell script he created that can add roles to specific users or groups for you:

$VCimpl = Get-VIServer -Server 192.168.116.201 -User root -Password <...>
# Note: Server is an ESX host, not VC
# Force load
[Reflection.Assembly]::LoadWithPartialName("vmware.vim")

# Edit hostname below
$hostname = "esx302.hm.local" 

# The name of the role to be assigned
$roleLabel="Read-Only"
#$roleLabel="Administrator"

#The name of the principal (user or group) that the role is assigned to
$principal="GroupX"

# set to false if principal is a user , not a group
$principalIsGroup = $true

$propagateToSubEntities = $true

$svcRef = new-object VMware.Vim.ManagedObjectReference
$svcRef.Type = "ServiceInstance"
$svcRef.Value = "ServiceInstance"
$serviceInstance = get-view $svcRef

$authMgr = Get-View $serviceInstance.Content.AuthorizationManager
$hahost = Get-View (Get-VMhost -Name $hostname).ID
$compResource = $hahost.Parent
$oldperms = $authMgr.retrieveEntityPermissions($hahost.MoRef, $true)
$roles = $authMgr.roleList
$roleid = 0
$found = $false
for ($i = 0 ; $i -lt $roles.Length ; $i++)
{
      $role=$roles[$i]
      if ($role.Info.Label -eq $roleLabel)
      {
            $roleid = $role.RoleId
            $found = $true
      }
}
if ( $found -eq $false )
{
      echo ("Role not found: " + $roleLabel )
      exit 1
}

$permission = New-Object Vmware.Vim.Permission
$permission.group = $principalIsGroup
$permission.principal = $principal
$permission.propagate = $propagateToSubEntities
$permission.roleID = $roleid
$authmgr.SetEntityPermissions($compResource, @($permission))

The script has been tested on ESX 3.0.2. I did not have the opportunity to test it myself by the way… So if anyone can test it against ESX 3.5 and let’s us know what the results are!