Creating this service account to allow certain action to be performed by the DaaS or Citrix Virtual Apps and Desktops infrastructure can take a long time if you can’t do it yourself or if you need to do it every week on different project. Often, a check box have been forgotten and everything needs to be checked again and again.
Citrix do have a good documentation of what needs to be done here : https://docs.citrix.com/en-us/citrix-daas/install-configure/connections/connection-vmware-virtualization-environments.html
Using powershell with powercli will allow you to speed up this process and avoir any mistake. Be warae that this configuration is for MCS, some more options need to be set for PVS.
First thing we need powercli : https://www.powershellgallery.com/packages/VMware.PowerCLI/13.0.0.20829139
Install-Module -Name VMware.PowerCLI
one this is done, here is the script you need to execute :
# Change the value to match your environement
# $vcenter is the fqdn of your vcenter
# $mcsrole is the name you want to give to the create role in vSphere roles
$vcenter = vcenter.fqdn.local
$mcsrole = "Citrix MCS"
# Connection to vSphere you'll be prompted to enter your credentials
Connect-VIServer $vcenter
$ctxmcs = Get-VIPrivilege –ID System.Anonymous,System.Read,System.View,VirtualMachine.Interact.PowerOff,VirtualMachine.Interact.PowerOn,VirtualMachine.Interact.Reset,VirtualMachine.Interact.Suspend,Datastore.AllocateSpace,Datastore.Browse,Datastore.FileManagement,Network.Assign,Resource.AssignVMToPool,VirtualMachine.Config.AddExistingDisk,VirtualMachine.Config.AddNewDisk,VirtualMachine.Config.AdvancedConfig,VirtualMachine.Config.RemoveDisk,VirtualMachine.Config.CPUCount,VirtualMachine.Config.Memory,VirtualMachine.Config.Settings,VirtualMachine.Inventory.CreateFromExisting,VirtualMachine.Inventory.Create,VirtualMachine.Inventory.Delete,VirtualMachine.Provisioning.Clone,VirtualMachine.State.CreateSnapshot,Global.SystemTag,Global.ManageCustomFields,Global.SetCustomField
# Disconnect from vSphere
Disconnect-VIServer -ConfirmAt the end you just need to map your service account to this new created role and make the appropriate change in your Studio console to use this new service account.
