Updated the SsoAdmin projects to reference WCF from the framework instead of a package.

Signed-off-by: Atanas Atanasov <adatanasov@vmware.com>
Merge pull request #587 from Geo-Ron/issue-586
2022-10-04 17:42:22 +03:00 · 2022-08-17 14:45:21 +03:00 · 2022-08-17 13:07:41 +02:00 · 2022-08-15 17:34:35 +02:00 · 2022-08-09 13:56:45 +03:00 · 2022-08-01 12:03:30 +03:00
178 changed files with 27552 additions and 1583 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@
 #VS Code Files
 *.vscode
 /.vs
 # Windows image file caches
 Thumbs.db
@@ -49,3 +50,4 @@ $RECYCLE.BIN/
 Network Trash Folder
 Temporary Items
 .apdisk
 /Modules/VMware.vSphere.SsoAdmin/ForPSGallery/VMware.vSphere.SsoAdmin
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -1,42 +0,0 @@
 # PowerCLI-Example-Scripts
 VMWARE TECHNOLOGY PREVIEW LICENSE AGREEMENT
 Notice to User: This Technology Preview License Agreement (the “Agreement”) is a CONTRACT between you (either an individual or a single entity) (“you” or “Licensee”) and VMware, Inc. (“VMware”), which covers your use of the Technology Preview Software (as defined below). If you do not agree to the terms of this Agreement, then do not install or use the Technology Preview Software. By explicitly accepting this Agreement, however, or by installing, copying, downloading, accessing, or otherwise using the Technology Preview Software, you are acknowledging and agreeing to be bound by the following terms.
 1.	DEFINITIONS. (a)  “Technology Preview Software” means the unreleased, concept version of VMware’s software, in object form only, excluding any Open Source Software provided with the such software, and the media and Documentation provided by VMware to Licensee and for which Licensee is granted a use license pursuant to this Agreement.  (b)  “Documentation” means the printed and online written reference material furnished to Licensee in conjunction with the Technology Preview Software, including, without limitation, instructions, testing guidelines, and end user guides.  (c)  “Intellectual Property Rights” shall mean all intellectual property rights, including, without limitation, patent, copyright, trademark, and trade secret.  (d)  “Open Source Software” means various open source software components provided with the Technology Preview Software that are licensed to you under the terms of the applicable license agreements included with such open source software components or other materials for the Technology Preview Software.   (e)  “Updates” means a modification, error correction, bug fix, new release, or other update to or for the Technology Preview Software.
 2.	LICENSE GRANT, USE AND OWNERSHIP.
       (a)  Limited License.  Subject to the terms and conditions of this Agreement, VMware grants to Licensee a non-exclusive, non-transferable license (without the right to sublicense) (i) to use the Technology Preview Software in accordance with the Documentation solely for purposes of internal testing and evaluation, (ii) to use the Documentation provided with the Technology Preview Software in support of Licensee’s authorized use of the Technology Preview Software, and (iii) to copy the Technology Preview Software for archival or backup purposes, provided that all titles and trademarks, copyright, and restricted rights notices are reproduced on such copies.  
 	(b) Evaluation Feedback. The purpose of this limited license is the testing and evaluation of the Technology Preview Software as set forth above.  In furtherance of this purpose, Licensee shall provide feedback to VMware concerning the functionality and performance of the Technology Preview Software from time to time as reasonably requested by VMware, including, without limitation, identifying potential errors and improvements.  Licensee will provide the requested feedback in a manner that is convenient to Licensee subject to reasonable availability of Licensee’s personnel.  Notwithstanding the foregoing, prior to Licensee disclosing to VMware any information under this Agreement that Licensee considers proprietary or confidential, Licensee shall obtain VMware’s prior written approval to disclose such information to VMware, and without such prior written approval from VMware, Licensee shall not disclose any such information to VMware.  VMware may use feedback to improve or enhance its products and, accordingly, you hereby grant to VMware a non-exclusive, perpetual, irrevocable, royalty-free, transferable, worldwide right and license, with the right to sublicense, to use, reproduce, disclose, distribute, perform, display, modify, prepare derivative works of and otherwise exploit the feedback and other information without restriction in any manner now known or in the future conceived and to make, use, sell, offer to sell, import and export any product or service that incorporates the feedback and other information.
       (c)  Restrictions. Licensee shall not copy or use the Technology Preview Software (including the Documentation) except as expressly permitted in this Agreement.  Except to the extent that any applicable mandatory laws prevent VMware restraining Licensee from doing so, Licensee will not, and will not permit any third party to, sublicense, rent, copy, modify, create derivative works of, translate, reverse engineer, decompile, disassemble, or otherwise reduce to human perceivable form any portion of the Technology Preview Software or accompanying Documentation.  Without limiting the generality of the foregoing, Licensee shall not use the Technology Preview Software for Licensee’s product development or any other commercial purpose.  The Technology Preview Software and all performance data and test results, including without limitation, benchmark test results (collectively “Performance Data”)  relating to the Technology Preview Software are the Confidential Information of VMware, and will be treated in accordance with the terms of Section 4 of this Agreement.  Accordingly, Licensee shall not publish or disclose to any third party any Performance Data relating to the Technology Preview Software.     
       (d)  Ownership.  VMware shall own and retain all right, title and interest in and to the Intellectual Property Rights in the Technology Preview Software, subject only to the limited license expressly set forth in Section 2(a) hereof.  Licensee does not acquire any other rights, express or implied, in the Technology Preview Software.  ALL RIGHTS NOT EXPRESSLY GRANTED HEREUNDER ARE RESERVED TO VMWARE. 
 	(e)  No Support Services.  VMware is under no obligation to support the Technology Preview Software in any way or to provide any Updates to Licensee.  In the event VMware, in its sole discretion, supplies any Update to Licensee, the Update shall be deemed Technology Preview Software under this Agreement and shall be subject to the terms and conditions of this Agreement.
 	(f)  Third-Party Software.  The Technology Preview Software may enable a computer to run multiple instances of third-party guest operating systems and application programs.  Licensee acknowledges that Licensee is responsible for obtaining any licenses necessary to operate any third-party software, including guest operating systems and application programs.
       (g)  Open Source Software.  Except for Sections 5, 6 and 7, the terms and conditions of this Agreement shall not apply to any Open Source Software accompanying the Technology Preview Software.  Any such Open Source Software is provided under the terms of the open source license agreement or copyright notice accompanying such Open Source Software or in the open source licenses file accompanying the Technology Preview Software. 
 3. TERM AND TERMINATION.  Licensee’s rights with respect to the Technology Preview Software will terminate upon the earlier of (a) automatic expiration of the Technology Preview Software based on the system date, or (b) termination by VMware, in its sole discretion, of Licensee’s rights with respect to the Technology Preview Software provided under this Agreement upon notice on the VMware website. Upon any expiration or termination of rights with respect to the Technology Preview Software under this Agreement, the rights and licenses granted to Licensee under this Agreement shall immediately terminate, and Licensee shall immediately cease using, and will destroy or render practically inaccessible the Technology Preview Software, Documentation, and all other tangible items in Licensee’s possession or control that contain Confidential Information.  The rights and obligations of the parties set forth in Sections 2(b), 2(c), 2(d), 2(e), 2(f), 2(g), 3, 4, 5, 6 and 7 shall survive termination or expiration of this Agreement for any reason.
 4.	CONFIDENTIALITY.  (a)  Confidentiality.  "Confidential Information" means the Technology Preview Software, all information regarding the Technology Preview Software (including any trade secrets, know-how, inventions, techniques, processes, and algorithms embodied in the Technology Preview Software), Documentation, Performance Data, any Updates, and other information provided by VMware to Licensee under this Agreement, whether disclosed orally, in writing, or by examination or inspection, other than information that Licensee can demonstrate (i) was already known to Licensee, other than under an obligation of confidentiality, at the time of disclosure; (ii) was generally available in the public domain at the time of disclosure to Licensee; (iii) became generally available in the public domain after disclosure other than through any act or omission of Licensee; (iv) was subsequently lawfully disclosed to Licensee by a third party without any obligation of confidentiality; or (v) was independently developed by Licensee without use of or reference to any information or materials disclosed by VMware or its suppliers.  If Licensee is required to disclose Confidential Information by applicable law or court order, Licensee shall notify VMware of the required disclosure promptly in writing and shall cooperate with VMware in any lawful action to contest or limit the scope of the required disclosure.  Confidential Information shall include, without limitation, any information relating to VMware products, product roadmaps, and other technical, business, financial and product development plans, forecasts and strategies.  Licensee shall not use any Confidential Information for any purpose other than as expressly authorized under this Agreement.  In no event shall Licensee use the Technology Preview Software or any Confidential Information to develop, manufacture, market, sell, or distribute any product or service, including any VMware products.  Licensee shall not disclose any Confidential Information to any third party. Without limiting the foregoing, Licensee shall use at least the same degree of care that it uses to prevent the disclosure of its own confidential information of like importance, but in no event less than reasonable care, to prevent the disclosure of such Confidential Information.   (b)  Additional Confidentiality Restrictions for Highly Confidential Technology Preview Software.  For certain Technology Preview Software designated by VMware as highly confidential (“Highly Confidential Technology Preview Software”) in VMware’s correspondence to you regarding this Technology Preview Software or in any Documentation, additional heightened confidentiality restrictions designated below will apply.  (i)  	Licensee shall limit dissemination of Highly Confidential Technology Preview Software and related information concerning product features, future technologies and roadmaps only to Information Technology teams and/or software/solutions development teams of Licensee designated by VMware, and only to individuals on those teams who have a need to know the Confidential Information for purposes expressly authorized under this Agreement.  For clarity and without limiting the generality of the foregoing, Licensee shall not disseminate any Highly Confidential Technology Preview Software to Licensee's sales and marketing field organizations.  Licensee will assign an employee who will be primarily responsible (“Primary Contact”) for ensuring that the terms of this Agreement are complied with.   (ii)	 Licensee acknowledges that damages for improper disclosure of Highly Confidential Technology Preview Software or related information concerning product features, future technologies and roadmaps may be irreparable and that monetary damages would be inadequate to compensate VMware for any breach of this Agreement.  In the event that VMware reasonably believes that Licensee has disseminated certain of such Highly Confidential Technology Preview Software or related information concerning product features, future technologies and roadmaps to an unauthorized party, Licensee will be immediately removed from VMware’s Technology Preview Software program and will not be permitted to participate in any VMware Technology Preview Software program in the future.  Additionally, all rights and licenses granted to Licensee under this Agreement shall immediately terminate in accordance with Section 3 herein (Term and Termination).   (c) Remedies.  In addition to all other remedies available in law or otherwise, VMware is entitled to seek equitable relief, including injunctive relief, against the threatened breach of this Agreement or the continuation of any such breach.
 5.	LIMITATION OF LIABILITY.  IT IS UNDERSTOOD THAT THE TECHNOLOGY PREVIEW SOFTWARE IS PROVIDED WITHOUT CHARGE FOR LIMITED EVALUATION PURPOSES.  ACCORDINGLY, THE TOTAL LIABILITY OF VMWARE AND ITS LICENSORS ARISING OUT OF OR RELATED TO THIS AGREEMENT SHALL NOT EXCEED US$100.00.  TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT SHALL VMWARE OR ITS LICENSORS HAVE LIABILITY FOR ANY INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL, OR CONSEQUENTIAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY (INCLUDING WITHOUT LIMITATION, TORT, STATUTE, CONTRACT OR OTHER), EVEN IF VMWARE AND ITS LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.  THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. 
 6.	WARRANTY DISCLAIMER.  IT IS UNDERSTOOD THAT THE TECHNOLOGY PREVIEW SOFTWARE, OPEN SOURCE SOFTWARE, DOCUMENTATION, AND ANY UPDATES MAY CONTAIN ERRORS AND ARE PROVIDED FOR LIMITED EVALUATION ONLY.  THE TECHNOLOGY PREVIEW SOFTWARE, THE OPEN SOURCE SOFTWARE, THE DOCUMENTATION, AND ANY UPDATES ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE.  VMWARE AND ITS LICENSORS SPECIFICALLY DISCLAIM ALL IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE.  Licensee acknowledges that VMware has not publicly announced the availability of the Technology Preview Software, that such Technology Preview Software may contain features currently under development, that VMware has not promised or guaranteed to Licensee that such Technology Preview Software will be announced or made available to anyone in the future, that VMware has no express or implied obligation to Licensee to announce or introduce the Technology Preview Software, that VMware has no obligation to introduce a product similar to or compatible with the Technology Preview Software, and that any version number (if any) referenced is subject to change and does not in any way represent VMware’s commitment to release any product in the future. Accordingly, Licensee acknowledges that any research or development that it performs regarding the Technology Preview Software or any product associated with the Technology Preview Software is done entirely at Licensee’s own risk.  Specifically, the Technology Preview Software may contain features, functionality or modules that will not be included in the production version of the Technology Preview Software, if released, or that will be marketed separately for additional fees.
 7.	OTHER PROVISIONS.  (a)  Governing Law.  This Agreement, and all disputes arising out of or related thereto, shall be governed by and construed under the laws of the State of California without reference to conflict of laws principles.  All such disputes shall be subject to the exclusive jurisdiction of the state and federal courts located in Santa Clara County, California, and the parties agree and submit to the personal and exclusive jurisdiction and venue of these courts.  The United Nations Convention for the International Sale of Goods shall not apply.  (b) Export Control.  The Technology Preview Software is of United States origin and is provided subject to the U.S. Export Administration Regulations.  Diversion contrary to U.S. law is prohibited.  Without limiting the foregoing, you agree that (i) you are not, and are not acting on behalf of, any person who is a citizen, national, or resident of, or who is controlled by the government of, Cuba, Iran, North Korea, Sudan, or Syria, or any other country to which the United States has prohibited export transactions; (ii) you are not, and are not acting on behalf of, any person or entity listed on the U.S. Treasury Department list of Specially Designated Nationals and Blocked Persons, or the U.S. Commerce Department Denied Persons List or Entity List; and (iii) you will not use the Technology Preview Software for, and will not permit the Technology Preview Software to be used for, any purposes prohibited by law, including, without limitation, for any prohibited development, design, manufacture or production of missiles or nuclear, chemical or biological weapons. U.S. Export Control Classification Numbers (ECCN’s) may be found at VMware help page: http://www.vmware.com/help/export-control.   (c)  Modification.  This is the entire agreement between the parties relating to the subject matter hereof and all other terms are rejected.  No waiver or modification of this Agreement shall be valid unless in writing signed by each party.  The waiver of a breach of any term hereof shall in no way be construed as a waiver of any other term or breach hereof.  If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the remaining provisions of this Agreement shall remain in full force and effect.  (d)  Data Privacy.  Licensee agrees that VMware may process technical and related usage information about Licensee’s use of the Technology Preview Software for statistical and analytical purposes. Usage information is collected strictly for internal statistical and analytical purposes for the development of VMware products and services. Licensee understands that any log files generated in order to obtain support from VMware may contain sensitive, confidential or personal information. Licensee should consider obfuscating any logs before sending them to VMware.  VMware’s privacy policy (http://www.vmware.com/help/privacy.html) shall apply.
 8.	ASSIGNMENT.  Licensee shall not assign this Agreement or any rights or obligations hereunder, directly or indirectly, by operation of law, merger, acquisition of stock or assets, or otherwise, without the prior written consent of VMware.  Any attempted assignment or transfer in violation of the foregoing will be null and void.  Subject to the foregoing, this Agreement shall inure to the benefit of and be binding upon the parties and their respective successors and permitted assigns.
 9. 	CONTACT INFORMATION.  If you have any questions about this Agreement, please direct all correspondence to: VMware, Inc., 3401 Hillview Avenue, Palo Alto, CA 94304, United States of America or email info@vmware.com.  VMware is a trademark of VMware, Inc. and is registered in the U.S. and numerous other countries.	
 Rev. 2014Mar10
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -0,0 +1,12 @@
 PowerCLI-Example-Scripts
 Copyright 2021 VMware, Inc.
 BSD 2-Clause License
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/Modules/Backup-VCSA/Backup-VCSA.psm1
+++ b/Modules/Backup-VCSA/Backup-VCSA.psm1
@@ -1,204 +1,554 @@
 Function Backup-VCSAToFile {
 <#
-    .NOTES
+Copyright 2021 VMware, Inc.
-    ===========================================================================
+SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Backup-VCSAToFile {
 <#
 	.NOTES
 	===========================================================================
 	 Created by:   	Brian Graf
-     Date:          October 30, 2016
+	 Date:          October 30, 2016
 	 Organization: 	VMware
-     Blog:          www.vtagion.com
+	 Blog:          www.vtagion.com
-     Twitter:       @vBrianGraf
+	 Twitter:       @vBrianGraf
 	 Modifed by:    Michael Dunsdon
 	 Twitter:       @MJDunsdon
 	 Date:          September 21, 2020
 	===========================================================================
 	.SYNOPSIS
 		This function will allow you to create a full or partial backup of your
-    VCSA appliance. (vSphere 6.5 and higher)
+		VCSA appliance. (vSphere 6.5 and higher)
 	.DESCRIPTION
 		Use this function to backup your VCSA to a remote location
 	.EXAMPLE
-        [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$BackupPassword = "VMw@re123"
+		[VMware.VimAutomation.Cis.Core.Types.V1.Secret]$BackupPassword = "VMw@re123"
-        $Comment = "First API Backup"
+		$Comment = "First API Backup"
-        $LocationType = "FTP"
+		$LocationType = "FTP"
-        $location = "10.144.99.5/vcsabackup-$((Get-Date).ToString('yyyy-MM-dd-hh-mm'))"
+		$location = "10.144.99.5/vcsabackup-$((Get-Date).ToString('yyyy-MM-dd-hh-mm'))"
-        $LocationUser = "admin"
+		$LocationUser = "admin"
-        [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$locationPassword = "VMw@re123"
+		[VMware.VimAutomation.Cis.Core.Types.V1.Secret]$locationPassword = "VMw@re123"
 		PS C:\> Backup-VCSAToFile -BackupPassword $BackupPassword  -LocationType $LocationType -Location $location -LocationUser $LocationUser -LocationPassword $locationPassword -Comment "This is a demo" -ShowProgress -FullBackup
 	.NOTES
-        Credit goes to @AlanRenouf for sharing the base of this function with me which I was able to take and make more robust as well as add in progress indicators
+		Credit goes to @AlanRenouf for sharing the base of this function with me which I was able to take and make more robust as well as add in progress indicators
-        You must be connected to the CisService for this to work, if you are not connected, the function will prompt you for your credentials
+		You must be connected to the CisService for this to work, if you are not connected, the function will prompt you for your credentials
 		A CisService can also be supplied as a parameter.
 		If a -LocationType is not chosen, the function will default to FTP.
-        The destination location for a backup must be an empty folder (easiest to use the get-date cmdlet in the location)
+		The destination location for a backup must be an empty folder (easiest to use the get-date cmdlet in the location)
-        -ShowProgress will give you a progressbar as well as updates in the console
+		-ShowProgress will give you a progressbar as well as updates in the console
-        -CommonBackup will only backup the config whereas -Fullbackup grabs the historical data as well
+		-CommonBackup will only backup the config whereas -Fullbackup grabs the historical data as well
 #>
-    param (
+	param (
-        [Parameter(ParameterSetName=’FullBackup’)]
+		[Parameter(ParameterSetName='FullBackup')]
-        [switch]$FullBackup,
+		[switch]$FullBackup,
-        [Parameter(ParameterSetName=’CommonBackup’)]
+		[Parameter(ParameterSetName='CommonBackup')]
-        [switch]$CommonBackup,
+		[switch]$CommonBackup,
-        [ValidateSet('FTPS', 'HTTP', 'SCP', 'HTTPS', 'FTP')]
+		[ValidateSet('FTPS', 'HTTP', 'SCP', 'HTTPS', 'FTP', 'SMB', 'SFTP')]
-        $LocationType = "FTP",
+		$LocationType = "FTP",
-        $Location,
+		$Location,
-        $LocationUser,
+		$LocationUser,
-        [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$LocationPassword,
+		[VMware.VimAutomation.Cis.Core.Types.V1.Secret]$LocationPassword,
-        [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$BackupPassword,
+		[VMware.VimAutomation.Cis.Core.Types.V1.Secret]$BackupPassword,
-        $Comment = "Backup job",
+		$Comment = "Backup job",
-        [switch]$ShowProgress
+		[Parameter(Mandatory=$false)]$CisServer = $global:DefaultCisServers,
-    )
+		[switch]$ShowProgress
-    Begin {
+	)
-        if (!($global:DefaultCisServers)){ 
+	Begin {
-            Add-Type -Assembly System.Windows.Forms
+		if ($CisServer.IsConnected) {
-            [System.Windows.Forms.MessageBox]::Show("It appears you have not created a connection to the CisServer. You will now be prompted to enter your vCenter credentials to continue" , "Connect to CisServer") | out-null
+			Write-Verbose "Connected to $($CisServer.Name)"
-            $Connection = Connect-CisServer $global:DefaultVIServer 
+			$connection = $CisServer
-        } else {
+		} elseif ($CisServer.gettype().name -eq "String") {
-            $Connection = $global:DefaultCisServers
+			Write-Host "Prompting for CIS Server credentials. Connecting to $($CisServer)."
-        }
+			$Connection = Connect-CisServer $CisServer
-        if ($FullBackup) {$parts = @("common","seat")}
+		} elseif ($global:DefaultCisServers) {
-        if ($CommonBackup) {$parts = @("common")}
+			$connection = $global:DefaultCisServers
-    }
+		} elseif ($global:DefaultVIServer) {
-    Process{
+			Write-Host "Prompting for CIS Server credentials. Connecting to $($global:DefaultVIServer.name)."
-        $BackupAPI = Get-CisService com.vmware.appliance.recovery.backup.job
+			$Connection = Connect-CisServer $global:DefaultVIServer
-        $CreateSpec = $BackupAPI.Help.create.piece.CreateExample()
+		}
-        $CreateSpec.parts = $parts
+		if (!$Connection) {
-        $CreateSpec.backup_password = $BackupPassword
+			Write-Error "It appears you have not created a connection to the CisServer. Please Connect First and try command again. (Connect-CisServer)"
-        $CreateSpec.location_type = $LocationType
+		}
-        $CreateSpec.location = $Location
+		if ($FullBackup) {$parts = @("common","seat")}
-        $CreateSpec.location_user = $LocationUser
+		if ($CommonBackup) {$parts = @("common")}
        $CreateSpec.location_password = $LocationPassword
        $CreateSpec.comment = $Comment
        try {
            $BackupJob = $BackupAPI.create($CreateSpec)
        }
        catch {
            throw $_.Exception.Message
        }
-
+		# Per github issue 468 (https://github.com/vmware/PowerCLI-Example-Scripts/issues/468) adding some logic to account for SFTP/SCP handling in versions after VC 7.0.
-        If ($ShowProgress){
+		$vCenterVersionNumber = (Get-CisService -Name 'com.vmware.appliance.system.version').get().version
-            do {
+		if ( ($vCenterVersionNumber -ge 6.5 -AND $vCenterVersionNumber -lt 7.0 ) -AND $LocationType -eq 'SFTP' )  {
-                $BackupAPI.get("$($BackupJob.ID)") | select id, progress, state
+			write-warning 'VCSA Backup for versions 6.5 and 6.7 use SCP, not SFTP.  Adjusting the LocationType accordingly.'
-                $progress = ($BackupAPI.get("$($BackupJob.ID)").progress)
+			$LocationType = 'SCP'
-                Write-Progress -Activity "Backing up VCSA"  -Status $BackupAPI.get("$($BackupJob.ID)").state -PercentComplete ($BackupAPI.get("$($BackupJob.ID)").progress) -CurrentOperation "$progress% Complete"
+		} 
-                start-sleep -seconds 5
+		if ( $vCenterVersionNumber -ge 7.0 -AND $LocationType -eq 'SCP' ) {
-            } until ($BackupAPI.get("$($BackupJob.ID)").progress -eq 100 -or $BackupAPI.get("$($BackupJob.ID)").state -ne "INPROGRESS")
+			write-warning 'VCSA Backup starting with version 7.0 use SFTP and not SCP.  Adjusting the LocationType accordingly.'
-
+			$LocationType = 'SFTP'
-            Write-Progress -Activity "Backing up VCSA" -Completed
+		}
-            $BackupAPI.get("$($BackupJob.ID)") | select id, progress, state
+	}
-        } 
+	Process{
-        Else {
+		$BackupAPI = Get-CisService 'com.vmware.appliance.recovery.backup.job'
-            $BackupJob | select id, progress, state
+		$CreateSpec = $BackupAPI.Help.create.piece.CreateExample()
-        }
+		$CreateSpec.parts = $parts
-    }
+		$CreateSpec.backup_password = $BackupPassword
-    End {}
+		$CreateSpec.location_type = $LocationType
 		$CreateSpec.location = $Location
 		$CreateSpec.location_user = $LocationUser
 		$CreateSpec.location_password = $LocationPassword
 		$CreateSpec.comment = $Comment
 		try {
 			$BackupJob = $BackupAPI.create($CreateSpec)
 		} catch {
 			throw $_.Exception.Message
 		}
 		If ($ShowProgress){
 			do {
 				$BackupAPI.get("$($BackupJob.ID)") | Select-Object id, progress, state
 				$progress = ($BackupAPI.get("$($BackupJob.ID)").progress)
 				Write-Progress -Activity "Backing up VCSA"  -Status $BackupAPI.get("$($BackupJob.ID)").state -PercentComplete ($BackupAPI.get("$($BackupJob.ID)").progress) -CurrentOperation "$progress% Complete"
 				Start-Sleep -seconds 5
 			} until ($BackupAPI.get("$($BackupJob.ID)").progress -eq 100 -or $BackupAPI.get("$($BackupJob.ID)").state -ne "INPROGRESS")
 			Write-Progress -Activity "Backing up VCSA" -Completed
 			$BackupAPI.get("$($BackupJob.ID)") | Select-Object id, progress, state
 		} Else {
 			$BackupJob | Select-Object id, progress, state
 		}
 	}
 	End {}
 }
 Function Get-VCSABackupJobs {
 <#
-    .NOTES
+	.NOTES
-    ===========================================================================
+	===========================================================================
-	 Created by:   	Brian Graf
+	 Created by:    Brian Graf
-     Date:          October 30, 2016
+	 Date:          October 30, 2016
-	 Organization: 	VMware
+	 Organization:  VMware
-     Blog:          www.vtagion.com
+	 Blog:          www.vtagion.com
-     Twitter:       @vBrianGraf
+	 Twitter:       @vBrianGraf
 	 Modifed by:    Michael Dunsdon
 	 Twitter:       @MJDunsdon
 	 Date:          September 21, 2020
 	===========================================================================
 	.SYNOPSIS
 		Get-VCSABackupJobs returns a list of all backup jobs VCSA has ever performed (vSphere 6.5 and higher)
 	.DESCRIPTION
 		Get-VCSABackupJobs returns a list of all backup jobs VCSA has ever performed
 	.EXAMPLE
 		PS C:\> Get-VCSABackupJobs
-	
+	.EXAMPLE
 		PS C:\> Get-VCSABackupJobs -ShowNewest -CisServer "vcserver.sphere.local"
 	.NOTES
 		The values returned are read as follows:
-        YYYYMMDD-hhmmss-vcsabuildnumber
+		YYYYMMDD-hhmmss-vcsabuildnumber
-        You can pipe the results of this function into the Get-VCSABackupStatus function
+		You can pipe the results of this function into the Get-VCSABackupStatus function
-        Get-VCSABackupJobs | select -First 1 | Get-VCSABackupStatus <- Most recent backup
+		Get-VCSABackupJobs | select -First 1 | Get-VCSABackupStatus <- Most recent backup
 #>
-    param (
+	param (
-        [switch]$ShowNewest
+		[Parameter(Mandatory=$false)][switch]$ShowNewest,
-    )
+		[Parameter(Mandatory=$false)]$CisServer = $global:DefaultCisServers
-    Begin {
+	)
-        if (!($global:DefaultCisServers)){ 
+	Begin {
-            [System.Windows.Forms.MessageBox]::Show("It appears you have not created a connection to the CisServer. You will now be prompted to enter your vCenter credentials to continue" , "Connect to CisServer") | out-null
+		if ($CisServer.IsConnected) {
-            $Connection = Connect-CisServer $global:DefaultVIServer 
+			Write-Verbose "Connected to $($CisServer.Name)"
-        } else {
+			$connection = $CisServer
-            $Connection = $global:DefaultCisServers
+		} elseif ($CisServer.gettype().name -eq "String") {
-        }
+			Write-Host "Prompting for CIS Server credentials. Connecting to $($CisServer)."
-    }
+			$Connection = Connect-CisServer $CisServer
-    Process{
+		} elseif ($global:DefaultCisServers) {
-       
+			$connection = $global:DefaultCisServers
-        $BackupAPI = Get-CisService com.vmware.appliance.recovery.backup.job
+		} elseif ($global:DefaultVIServer) {
-
+			Write-Host "Prompting for CIS Server credentials. Connecting to $($global:DefaultVIServer.name)."
-        try {
+			$Connection = Connect-CisServer $global:DefaultVIServer
-            if ($ShowNewest) {
+		}
-                $results = $BackupAPI.list()
+		if (!$Connection) {
-                $results[0]
+			Write-Error "It appears you have not created a connection to the CisServer. Please Connect First and try command again. (Connect-CisServer)"
-            } else {
+		}
-                $BackupAPI.list()
+	}
-            }
+	Process{
-        }
+		$BackupAPI = Get-CisService 'com.vmware.appliance.recovery.backup.job'
-        catch {
+		try {
-            Write-Error $Error[0].exception.Message
+			if ($ShowNewest) {
-        }
+				$results = $BackupAPI.list()
-
+				$results[0]
-        }
+			} else {
-
+				$BackupAPI.list()
-    End {}
+			}
 		} catch {
 			Write-Error $Error[0].exception.Message
 		}
 	}
 	End {}
 }
 Function Get-VCSABackupStatus {
 <#
-    .NOTES
+	.NOTES
-    ===========================================================================
+	===========================================================================
-	 Created by:   	Brian Graf
+	 Created by:    Brian Graf
-     Date:          October 30, 2016
+	 Date:          October 30, 2016
-	 Organization: 	VMware
+	 Organization:  VMware
-     Blog:          www.vtagion.com
+	 Blog:          www.vtagion.com
-     Twitter:       @vBrianGraf
+	 Twitter:       @vBrianGraf
 	 Modifed by:    Michael Dunsdon
 	 Twitter:       @MJDunsdon
 	 Date:          September 21, 2020
 	===========================================================================
 	.SYNOPSIS
 		Returns the ID, Progress, and State of a VCSA backup (vSphere 6.5 and higher)
 	.DESCRIPTION
 		Returns the ID, Progress, and State of a VCSA backup
-
+ 	.EXAMPLE
 	.EXAMPLE
 		PS C:\> $backups = Get-VCSABackupJobs
-                $backups[0] | Get-VCSABackupStatus
+				$backups[0] | Get-VCSABackupStatus
 	.NOTES
 		The BackupID can be piped in from the Get-VCSABackupJobs function and can return multiple job statuses
 #>
-    Param (
+	Param (
-        [parameter(ValueFromPipeline=$True)]
+		[parameter(Mandatory=$false,ValueFromPipeline=$True)][string[]]$BackupID,
-        [string[]]$BackupID
+		[Parameter(Mandatory=$false)]$CisServer = $global:DefaultCisServers
-    )
+	)
- Begin {
+	Begin {
-        if (!($global:DefaultCisServers)){ 
+		if ($CisServer.IsConnected) {
-            [System.Windows.Forms.MessageBox]::Show("It appears you have not created a connection to the CisServer. You will now be prompted to enter your vCenter credentials to continue" , "Connect to CisServer") | out-null
+			Write-Verbose "Connected to $($CisServer.Name)"
-            $Connection = Connect-CisServer $global:DefaultVIServer 
+			$connection = $CisServer
-        } else {
+		} elseif ($CisServer.gettype().name -eq "String") {
-            $Connection = $global:DefaultCisServers
+			Write-Host "Prompting for CIS Server credentials. Connecting to $($CisServer)."
-        }
+			$Connection = Connect-CisServer $CisServer
-        
+		} elseif ($global:DefaultCisServers) {
-        $BackupAPI = Get-CisService com.vmware.appliance.recovery.backup.job
+			$connection = $global:DefaultCisServers
- }
+		} elseif ($global:DefaultVIServer) {
-    Process{
+			Write-Host "Prompting for CIS Server credentials. Connecting to $($global:DefaultVIServer.name)."
-       
+			$Connection = Connect-CisServer $global:DefaultVIServer
-        foreach ($id in $BackupID) {
+		}
-            $BackupAPI.get("$id") | select id, progress, state
+		if (!$Connection) {
-        }
+			Write-Error "It appears you have not created a connection to the CisServer. Please Connect First and try command again. (Connect-CisServer)"
-        
+		}
-
+	}
-    }
+	Process{
-
+		$BackupAPI = Get-CisService 'com.vmware.appliance.recovery.backup.job'
-    End {}
+		Foreach ($id in $BackupID) {
 			$BackupAPI.get("$id") | Select-Object id, progress, state
 		}
 	}
 	End {}
 }
 Function New-VCSASchedule {
 <#
 	.NOTES
 	===========================================================================
 	 Original Created by:  Brian Graf
 	 Blog:                 www.vtagion.com
 	 Twitter:              @vBrianGraf
 	 Organization:         VMware
 	 Created / Modifed by: Michael Dunsdon
 	 Twitter:              @MJDunsdon
 	 Date:                 September 21, 2020
 	===========================================================================
 	.SYNOPSIS
 		This function will allow you to create a scheduled to backup your
 		VCSA appliance. (vSphere 6.7 and higher)
 	.DESCRIPTION
 		Use this function to create a schedule to backup your VCSA to a remote location
 	.EXAMPLE
 		The Below Create a schedule on Monday @11:30pm to FTP location 10.1.1.10:/vcsabackup/vcenter01
 		and keep 4 backups with a Encryption Passowrd of "VMw@re123"
 		$location = "ftp://10.1.1.10/vcsabackup/vcenter01"
 		$LocationUser = "admin"
 		[VMware.VimAutomation.Cis.Core.Types.V1.Secret]$locationPassword = "VMw@re123"
 		$BHour = 23
 		$BMin = 30
 		$BDays = @("Monday")
 		$MaxCount = 4
 		[VMware.VimAutomation.Cis.Core.Types.V1.Secret]$BackupPassword = "VMw@re123"
 		PS C:\> New-VCSASchedule -Location $location -LocationUser $LocationUser -LocationPassword $locationPassword -BackupHour $BHour -BackupMinute $BMin -backupDays $BDays -MaxCount $MaxCount -BackupPassword $BackupPassword
 	.EXAMPLE
 		The Below Create a schedule on Sunday & Wednesday @5:15am
 		to NFS location 10.1.1.10:/vcsabackup/vcenter01
 		keep 10 backups with a Encryption Passowrd of "VMw@re123"
 		with Event Data included (Seat) and will delete any existing schedule.
 		$location = "nfs://10.1.1.10/vcsabackup/vcenter01"
 		$LocationUser = "admin"
 		[VMware.VimAutomation.Cis.Core.Types.V1.Secret]$locationPassword = "VMw@re123"
 		$BHour = 5
 		$BMin = 15
 		$BDays = @("Sunday", "Monday")
 		$MaxCount = 10
 		[VMware.VimAutomation.Cis.Core.Types.V1.Secret]$BackupPassword = "VMw@re123"
 		PS C:\> New-VCSASchedule -IncludeSeat -force -Location $location -LocationUser $LocationUser -LocationPassword $locationPassword -BackupHour $BHour -BackupMinute $BMin -backupDays $BDays -MaxCount $MaxCount -BackupPassword $BackupPassword -CisServer "vcserver.sphere.local"
 	.NOTES
 		Credit goes to @AlanRenouf & @vBrianGraf for sharing the base of this function.
 		You must be connected to the CisService for this to work, if you are not connected, the function will prompt you for your credentials
 #>
 	[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'Medium')]
 	param (
 		[Parameter(Mandatory=$true)]$Location,
 		[Parameter(Mandatory=$true)]$LocationUser,
 		[Parameter(Mandatory=$true)][VMware.VimAutomation.Cis.Core.Types.V1.Secret]$LocationPassword,
 		[Parameter(Mandatory=$false)][VMware.VimAutomation.Cis.Core.Types.V1.Secret]$BackupPassword,
 		[Parameter(Mandatory=$true)][ValidateRange(0,23)]$BackupHour,
 		[Parameter(Mandatory=$true)][ValidateRange(0,59)]$BackupMinute,
 		[Parameter(Mandatory=$true)][ValidateSet('MONDAY', 'TUESDAY', 'WEDNESDAY', 'THURSDAY', 'FRIDAY', 'SATURDAY', 'SUNDAY', IgnoreCase = $False)][Array]$BackupDays = $null,
 		[Parameter(Mandatory=$true)][Int]$MaxCount,
 		[Parameter(Mandatory=$false)]$BackupID = "default",
 		[Parameter(Mandatory=$false)]$CisServer = $global:DefaultCisServers,
 		[Parameter(Mandatory=$false)][switch]$IncludeSeat,
 		[Parameter(Mandatory=$false)][switch]$Force
 	)
 	Begin {
 		if ($CisServer.IsConnected) {
 			Write-Verbose "Connected to $($CisServer.Name)"
 			$connection = $CisServer
 		} elseif ($CisServer.gettype().name -eq "String") {
 			Write-Host "Prompting for CIS Server credentials. Connecting to $($CisServer)."
 			$Connection = Connect-CisServer $CisServer
 		} elseif ($global:DefaultCisServers) {
 			$connection = $global:DefaultCisServers
 		} elseif ($global:DefaultVIServer) {
 			Write-Host "Prompting for CIS Server credentials. Connecting to $($global:DefaultVIServer.name)."
 			$Connection = Connect-CisServer $global:DefaultVIServer
 		}
 		if (!$Connection) {
 			Write-Error "It appears you have not created a connection to the CisServer. Please Connect First and try command again. (Connect-CisServer)"
 		}
 	}
 	Process{
 		if (!(Test-VCSAScheduleSupport)) {
 			Write-Error "This VCSA does not support Backup Schedules."
 			return
 		}
 		$BackupAPI = Get-CisService -name 'com.vmware.appliance.recovery.backup.schedules'
 		$CreateSpec = $BackupAPI.Help.create.spec.Create()
 		$CreateSpec.backup_password = $BackupPassword
 		$CreateSpec.location = $Location
 		$CreateSpec.location_user = $LocationUser
 		$CreateSpec.location_password = $LocationPassword
 		$CreateSpec.Enable = $true
 		$CreateSpec.recurrence_info.Hour = $BackupHour
 		$CreateSpec.recurrence_info.Minute = $BackupMinute
 		$CreateSpec.recurrence_info.Days = $BackupDays
 		$CreateSpec.retention_info.max_count = $MaxCount
 		if ($IncludeSeat) {
 			$CreateSpec.parts = @("seat","common")
 		} else {
 			$CreateSpec.parts = @("common")
 		}
 		$CurrentSchedule = $BackupAPI.list()
 		if ($CurrentSchedule.keys.value) {
 			if($Force -or $PSCmdlet.ShouldContinue($CurrentSchedule.keys.value,'Delete Old Schedule')){
 				$BackupAPI.delete($CurrentSchedule.keys.value)
 			} else {
 				Write-Error "There is an exisiting Schedule. Please delete before Creating a new one."
 				return
 			}
 		}
 		if ($PSCmdlet.ShouldProcess($BackupID, 'Create New Schedule.')) {
 			try {
 				$BackupJob = $BackupAPI.create($BackupID, $CreateSpec)
 			}
 			catch {
 				throw $_.Exception.Message
 			}
 		}
 		if ($BackupJob) {
 			Write-Host "Backup up Job Created."
 			return $BackupJob
 		}
 	}
 	End {}
 }
 Function Get-VCSASchedule {
 <#
 	.NOTES
 	===========================================================================
 	 Original Created by:  Brian Graf
 	 Blog:                 www.vtagion.com
 	 Twitter:              @vBrianGraf
 	 Organization:         VMware
 	 Created / Modifed by: Michael Dunsdon
 	 Twitter:              @MJDunsdon
 	 Date:                 September 21, 2020
 	===========================================================================
 	.SYNOPSIS
 		This function will allow you to Get the scheduled backup of your
 		VCSA appliance. (vSphere 6.7 and higher)
 	.DESCRIPTION
 		Use this function to Get the backup schedule for your VCSA appliance.
 	.EXAMPLE
 		PS C:\> Get-VCSASchedule
 	.EXAMPLE
 		PS C:\> Get-VCSASchedule -ScheduleID 1 -CisServer "vcserver.sphere.local"
 	.NOTES
 		Credit goes to @AlanRenouf & @vBrianGraf for sharing the base of this function.
 		Returns a simplified object with the schedule details.
 		You must be connected to the CisService for this to work, if you are not connected, the function will prompt you for your credentials
 #>
 	param (
 		[Parameter(Mandatory=$False,HelpMessage="Will Filter List By ScheduleID")]$ScheduleID,
 		[Parameter(Mandatory=$false)]$CisServer = $global:DefaultCisServers
 	)
 	Begin {
 		if ($CisServer.IsConnected) {
 			Write-Verbose "Connected to $($CisServer.Name)"
 			$connection = $CisServer
 		} elseif ($CisServer.gettype().name -eq "String") {
 			Write-Host "Prompting for CIS Server credentials. Connecting to $($CisServer)."
 			$Connection = Connect-CisServer $CisServer
 		} elseif ($global:DefaultCisServers) {
 			$connection = $global:DefaultCisServers
 		} elseif ($global:DefaultVIServer) {
 			Write-Host "Prompting for CIS Server credentials. Connecting to $($global:DefaultVIServer.name)."
 			$Connection = Connect-CisServer $global:DefaultVIServer
 		}
 		if (!$Connection) {
 			Write-Error "It appears you have not created a connection to the CisServer. Please Connect First and try command again. (Connect-CisServer)"
 		}
 	}
 	Process{
 		if (!(Test-VCSAScheduleSupport)) {
 			Write-Error "This VCSA does not support Backup Schedules."
 			return
 		}
 		$BackupAPI = Get-CisService -name 'com.vmware.appliance.recovery.backup.schedules'
 		$Schedules = $BackupAPI.list()
 		if ($Schedules.count -ge 1) {
 			$ObjSchedule = @()
 			foreach ($Schedule in $Schedules) {
 				$ObjSchedule += $Schedule.values | Select-Object *,@{N = "ID"; e = {"$($schedule.keys.value)"}} -ExpandProperty recurrence_info -ExcludeProperty Help | Select-Object * -ExcludeProperty recurrence_info,Help | Select-Object * -ExpandProperty retention_info | Select-Object * -ExcludeProperty retention_info,Help
 			}
 			if ($ScheduleID) {
 				$ObjSchedule = $ObjSchedule | Where-Object {$_.ID -eq $ScheduleID}
 			}
 			return $ObjSchedule
 		} else {
 			Write-Information "No Schedule Defined."
 		}
 	}
 	End {}
 }
 Function Remove-VCSASchedule {
 <#
 	.NOTES
 	===========================================================================
 	 Original Created by:  Brian Graf
 	 Blog:                 www.vtagion.com
 	 Twitter:              @vBrianGraf
 	 Organization:         VMware
 	 Created / Modifed by: Michael Dunsdon
 	 Twitter:              @MJDunsdon
 	 Date:                 September 21, 2020
 	============================================================================
 	.SYNOPSIS
 		This function will remove any scheduled backups of your
 		VCSA appliance. (vSphere 6.7 and higher)
 	.DESCRIPTION
 		Use this function to remove the backup schedule for your VCSA appliance.
 	.EXAMPLE
 		PS C:\> Remove-VCSASchedule
 	.EXAMPLE
 		PS C:\> Remove-VCSASchedule -ScheduleID 1 -CisServer "vcserver.sphere.local"
 	.NOTES
 		Credit goes to @AlanRenouf & @vBrianGraf for sharing the base of this function.
 		You must be connected to the CisService for this to work, if you are not connected, the function will prompt you for your credentials
 #>
 	[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
 	param (
 		[Parameter(Mandatory=$false)]$ScheduleID = "default",
 		[Parameter(Mandatory=$false)]$CisServer = $global:DefaultCisServers
 	)
 	Begin {
 		if ($CisServer.IsConnected) {
 			Write-Verbose "Connected to $($CisServer.Name)"
 			$connection = $CisServer
 		} elseif ($CisServer.gettype().name -eq "String") {
 			Write-Host "Prompting for CIS Server credentials. Connecting to $($CisServer)."
 			$Connection = Connect-CisServer $CisServer
 		} elseif ($global:DefaultCisServers) {
 			$connection = $global:DefaultCisServers
 		} elseif ($global:DefaultVIServer) {
 			Write-Host "Prompting for CIS Server credentials. Connecting to $($global:DefaultVIServer.name)."
 			$Connection = Connect-CisServer $global:DefaultVIServer
 		}
 		if (!$Connection) {
 			Write-Error "It appears you have not created a connection to the CisServer. Please Connect First and try command again. (Connect-CisServer)"
 		}
 	}
 	Process{
 		if (!(Test-VCSAScheduleSupport)) {
 			Write-Error "This VCSA does not support Backup Schedules."
 			return
 		}
 		if ($PSCmdlet.ShouldProcess($ScheduleID, "Removes Current Backup Schedule")) {
 			$BackupAPI = Get-CisService -name 'com.vmware.appliance.recovery.backup.schedules'
 			$BackupAPI.delete($ScheduleID)
 		}
 	}
 	End {}
 }
 Function Test-VCSAScheduleSupport {
 <#
 	.NOTES
 	===========================================================================
 	 Original Created by:  Brian Graf
 	 Blog:                 www.vtagion.com
 	 Twitter:              @vBrianGraf
 	 Organization:         VMware
 	 Created / Modifed by: Michael Dunsdon
 	 Twitter:              @MJDunsdon
 	 Date:                 September 21, 2020
 	===========================================================================
 	.SYNOPSIS
 		This function will check to see if your VCSA supports Scheduled Backups.
 		(vSphere 6.7 and higher)
 	.DESCRIPTION
 		Use this function to check if your VCSA supports Scheduled Backups.
 	.EXAMPLE
 		PS C:\> Test-VCSAScheduleSupport
 	.EXAMPLE
 		PS C:\> Test-VCSAScheduleSupport -CisServer "vcserver.sphere.local"
 	.NOTES
 		Credit goes to @AlanRenouf & @vBrianGraf for sharing the base of this function.
 		You must be connected to the CisService for this to work, if you are not connected, the function will prompt you for your credentia
 #>
 	param (
 		[Parameter(Mandatory=$false)]$CisServer = $global:DefaultCisServers
 	)
 	Begin {
 		if ($CisServer.IsConnected) {
 			Write-Verbose "Connected to $($CisServer.Name)"
 			$connection = $CisServer
 		} elseif ($CisServer.gettype().name -eq "String") {
 			Write-Host "Prompting for CIS Server credentials. Connecting to $($CisServer)."
 			$Connection = Connect-CisServer $CisServer
 		} elseif ($global:DefaultCisServers) {
 			$connection = $global:DefaultCisServers
 		} elseif ($global:DefaultVIServer) {
 			Write-Host "Prompting for CIS Server credentials. Connecting to $($global:DefaultVIServer.name)."
 			$Connection = Connect-CisServer $global:DefaultVIServer
 		}
 		if (!$Connection) {
 			Write-Error "It appears you have not created a connection to the CisServer. Please Connect First and try command again. (Connect-CisServer)"
 		}
 	}
 	Process{
 		if ((Get-CisService).name -contains "com.vmware.appliance.recovery.backup.schedules" ) {
 			Write-Verbose "This VCSA does supports Backup Schedules."
 			return $true
 		} else {
 			Write-Verbose "This VCSA does not support Backup Schedules."
 			return $false
 		}
 	}
 	End {}
 }
--- a/Modules/ContentLibrary/ContentLibrary.psm1
+++ b/Modules/ContentLibrary/ContentLibrary.psm1
@@ -1,4 +1,8 @@
-Function Get-ContentLibrary {
+<#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Get-ContentLibrary {
 <#
    .NOTES
    ===========================================================================
--- a/Modules/CrossvCentervmotion/XVM.psm1
+++ b/Modules/CrossvCentervmotion/XVM.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Get-XVCMStatus {
 <#
    .NOTES
--- a/Modules/DatastoreFunctions/DatastoreFunctions.psm1
+++ b/Modules/DatastoreFunctions/DatastoreFunctions.psm1
@@ -34,7 +34,7 @@ Function Get-HostViews {
 			Throw "No Datastores found.`nIs ""$Datastore"" a Datastore Object?"
 		}
 		$allHosts = @()
-		$DShostsKeys = $allDatastores.extensiondata.host.key.value | sort | get-unique -asstring
+		$DShostsKeys = $allDatastores.extensiondata.host.key.value | sort-object | get-unique -asstring
 		$DShosts = foreach ($thisKey in $DShostsKeys) {($allDatastores.extensiondata.host | ? {$_.key.value -eq $thisKey})[0]}
 		$i = 1
 		foreach ($DSHost in $DSHosts){
--- a/Modules/Get-NewAndRemovedVMs/Get-NewAndRemovedVMs.psm1
+++ b/Modules/Get-NewAndRemovedVMs/Get-NewAndRemovedVMs.psm1
@@ -125,7 +125,7 @@ Begin {
 process {
    $result = Get-VIEventPlus -Start ((get-date).adddays(-$Days)) -EventType @("VmCreatedEvent", "VmBeingClonedEvent", "VmBeingDeployedEvent","VmRemovedEvent")
-    $sortedResult = $result | Select CreatedTime, @{N='Cluster';E={$_.ComputeResource.Name}}, @{Name="VMName";Expression={$_.vm.name}}, UserName, @{N='Type';E={$_.GetType().Name}}, FullFormattedMessage | Sort CreatedTime
+    $sortedResult = $result | Select-Object CreatedTime, @{N='Cluster';E={$_.ComputeResource.Name}}, @{Name="VMName";Expression={$_.vm.name}}, UserName, @{N='Type';E={$_.GetType().Name}}, FullFormattedMessage
-    $sortedResult | where {$_.Cluster -like $ClusterName}
+    $sortedResult | where-object {$_.Cluster -like $ClusterName}
 }
 }
--- a/Modules/NSXT/NSXT.psd1
+++ b/Modules/NSXT/NSXT.psd1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
@{
 	ModuleToProcess = 'NSXT.psm1'
 	ModuleVersion = '1.0.0.0'
--- a/Modules/NSXT/NSXT.psm1
+++ b/Modules/NSXT/NSXT.psm1
@@ -1,4 +1,8 @@
-Function Get-NSXTController {
+<#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Get-NSXTController {
    Param (
        [parameter(Mandatory=$false,ValueFromPipeline=$true)][string]$Id
    )
--- a/Modules/PerVMEVC/PerVMEVC.psm1
+++ b/Modules/PerVMEVC/PerVMEVC.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Get-VMEvcMode {
 <#
 .SYNOPSIS
--- a/Modules/ProactiveHA/ProactiveHA.psm1
+++ b/Modules/ProactiveHA/ProactiveHA.psm1
@@ -1,4 +1,8 @@
-Function New-PHAProvider {
+<#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function New-PHAProvider {
 <#
    .NOTES
    ===========================================================================
--- a/Modules/Recommend-Sizing/Recommend-Sizing.psm1
+++ b/Modules/Recommend-Sizing/Recommend-Sizing.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Recommend-Sizing {
 <#
    .NOTES
--- a/Modules/SRM/Examples/ReportConfiguration.ps1
+++ b/Modules/SRM/Examples/ReportConfiguration.ps1
@@ -1,4 +1,13 @@
-# Depends on SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
+<#
 Copyright 2017-2021 VMware, Inc.
 SPDX-License-Identifier: Apache-2.0
 #>
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 # Depends on SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
 # It is assumed that the connection to VC and SRM Server have already been made
 Function Get-SrmConfigReportSite {
--- a/Modules/SRM/Examples/SrmTagging.ps1
+++ b/Modules/SRM/Examples/SrmTagging.ps1
@@ -1,4 +1,13 @@
-# Depends on SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
+<#
 Copyright 2017-2021 VMware, Inc.
 SPDX-License-Identifier: Apache-2.0
 #>
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 # Depends on SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
 # It is assumed that the connections to active VC and SRM Server have already been made
 Import-Module Meadowcroft.SRM -Prefix Srm
--- a/Modules/SRM/LICENSE.txt
+++ b/Modules/SRM/LICENSE.txt
@@ -55,7 +55,7 @@ APPENDIX: How to apply the Apache License to your work.
 To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!)  The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.
-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2017-2021 VMware, Inc.
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/Modules/SRM/Meadowcroft.Srm.Protection.ps1
+++ b/Modules/SRM/Meadowcroft.Srm.Protection.ps1
@@ -1,4 +1,13 @@
-# SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
+<#
 Copyright 2017-2021 VMware, Inc.
 SPDX-License-Identifier: Apache-2.0
 #>
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 # SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
 <#
 .SYNOPSIS
--- a/Modules/SRM/Meadowcroft.Srm.Recovery.ps1
+++ b/Modules/SRM/Meadowcroft.Srm.Recovery.ps1
@@ -1,4 +1,13 @@
-# SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
+<#
 Copyright 2017-2021 VMware, Inc.
 SPDX-License-Identifier: Apache-2.0
 #>
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 # SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
 <#
 .SYNOPSIS
--- a/Modules/SRM/Meadowcroft.Srm.Storage.ps1
+++ b/Modules/SRM/Meadowcroft.Srm.Storage.ps1
@@ -1,4 +1,13 @@
-# SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
+<#
 Copyright 2017-2021 VMware, Inc.
 SPDX-License-Identifier: Apache-2.0
 #>
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 # SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
 <#
 .SYNOPSIS
--- a/Modules/SRM/Meadowcroft.Srm.psd1
+++ b/Modules/SRM/Meadowcroft.Srm.psd1
@@ -1,4 +1,13 @@
-#
+<#
 Copyright 2017-2021 VMware, Inc.
 SPDX-License-Identifier: Apache-2.0
 #>
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 #
 # Module manifest for module 'Meadowcroft.Srm'
 #
--- a/Modules/SRM/Meadowcroft.Srm.psm1
+++ b/Modules/SRM/Meadowcroft.Srm.psm1
@@ -1,3 +1,11 @@
 <#
 Copyright 2017-2021 VMware, Inc.
 SPDX-License-Identifier: Apache-2.0
 #>
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 # SRM Helper Methods - https://github.com/benmeadowcroft/SRM-Cmdlets
 <#
--- a/Modules/SRM/NOTICE.txt
+++ b/Modules/SRM/NOTICE.txt
@@ -1,7 +1,10 @@
-Copyright (c) 2017 VMware, Inc. All Rights Reserved. 
+Copyright (c) 2017-2021 VMware, Inc. All Rights Reserved.
 This product is licensed to you under the Apache License version 2.0 (the "License").  You may not use this product except in compliance with the License.
 This product may include a number of subcomponents with separate copyright notices and license terms. Your use of these subcomponents is subject to the terms and conditions of the subcomponent's license, as noted in the LICENSE file.
 Copyright (c) 2021 VMware, Inc. All Rights Reserved.
 This product is licensed to you under the BSD-2-Clause License. You may not use this product except in compliance with the License.
--- a/Modules/SaltStackConfig/SaltStackConfig.Format.ps1xml
+++ b/Modules/SaltStackConfig/SaltStackConfig.Format.ps1xml
@@ -0,0 +1,41 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <Configuration>
    <ViewDefinitions>
        <View>
            <Name>SscConnection</Name>
            <ViewSelectedBy>
                <TypeName>SscConnection</TypeName>
            </ViewSelectedBy>
            <TableControl>
                <TableHeaders>
                    <TableColumnHeader>
                        <Width>30</Width>
                        <Label>Name</Label>
                    </TableColumnHeader>
                    <TableColumnHeader>
                        <Width>30</Width>
                        <Label>User</Label>
                    </TableColumnHeader>
                    <TableColumnHeader>
                        <Label>Authenticated</Label>
                    </TableColumnHeader>
                </TableHeaders>
                <TableRowEntries>
                    <TableRowEntry>
                        <TableColumnItems>
                            <TableColumnItem>
                                <PropertyName>Name</PropertyName>
                            </TableColumnItem>
                            <TableColumnItem>
                                <PropertyName>User</PropertyName>
                            </TableColumnItem>
                            <TableColumnItem>
                                <PropertyName>Authenticated</PropertyName>
                            </TableColumnItem>
                    </TableColumnItems>
                    </TableRowEntry>
                </TableRowEntries>
            </TableControl>
        </View>
    </ViewDefinitions>
 </Configuration>
--- a/Modules/SaltStackConfig/SaltStackConfig.psd1
+++ b/Modules/SaltStackConfig/SaltStackConfig.psd1
@@ -0,0 +1,129 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 #
 # Module manifest for module 'SaltStackConfig'
 #
 # Generated by: Brian Wuchner
 #
 # Generated on: 11/28/2021
 #
@{
 # Script module or binary module file associated with this manifest.
 RootModule = 'SaltStackConfig.psm1'
 # Version number of this module.
 ModuleVersion = '0.0.8'
 # Supported PSEditions
 # CompatiblePSEditions = @()
 # ID used to uniquely identify this module
 GUID = '9a36e984-2f63-450e-8c14-a6bccb18f87a'
 # Author of this module
 Author = 'Brian Wuchner'
 # Company or vendor of this module
 CompanyName = 'VMware'
 # Copyright statement for this module
 Copyright = '(c) VMware. All rights reserved.'
 # Description of the functionality provided by this module
 Description = 'Community sourced PowerShell wrapper module for the vRealize Automation SaltStack Config API.'
 # Minimum version of the Windows PowerShell engine required by this module
 PowerShellVersion = '4.0'
 # Name of the Windows PowerShell host required by this module
 # PowerShellHostName = ''
 # Minimum version of the Windows PowerShell host required by this module
 # PowerShellHostVersion = ''
 # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
 # DotNetFrameworkVersion = ''
 # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
 # CLRVersion = ''
 # Processor architecture (None, X86, Amd64) required by this module
 # ProcessorArchitecture = ''
 # Modules that must be imported into the global environment prior to importing this module
 # RequiredModules = @()
 # Assemblies that must be loaded prior to importing this module
 # RequiredAssemblies = @()
 # Script files (.ps1) that are run in the caller's environment prior to importing this module.
 # ScriptsToProcess = @()
 # Type files (.ps1xml) to be loaded when importing this module
 # TypesToProcess = @()
 # Format files (.ps1xml) to be loaded when importing this module
 FormatsToProcess = @('SaltStackConfig.Format.ps1xml')
 # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
 # NestedModules = @()
 # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
 FunctionsToExport = @('Connect-SscServer', 'Disconnect-SscServer', 'Get-SscActivity', 'Get-SscData', 'Get-SscJob', 'Get-SscMaster', 'Get-SscMinionCache', 'Get-SscReturn', 
        'Get-SscSchedule','Get-SscFile','Set-SscFile','New-SscFile','Remove-SscFile','Get-SscLicense','Get-SscvRALicense','Get-SscMinionKey','Set-SscMinionKey',
        'Remove-SscMinionKey')
 # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
 CmdletsToExport = @()
 # Variables to export from this module
 VariablesToExport = '*'
 # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
 AliasesToExport = @()
 # DSC resources to export from this module
 # DscResourcesToExport = @()
 # List of all modules packaged with this module
 # ModuleList = @()
 # List of all files packaged with this module
 # FileList = @()
 # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
 PrivateData = @{
    PSData = @{
        # Tags applied to this module. These help with module discovery in online galleries.
        # Tags = @()
        # A URL to the license for this module.
        # LicenseUri = ''
        # A URL to the main website for this project.
        # ProjectUri = ''
        # A URL to an icon representing this module.
        # IconUri = ''
        # ReleaseNotes of this module
        # ReleaseNotes = ''
    } # End of PSData hashtable
 } # End of PrivateData hashtable
 # HelpInfo URI of this module
 # HelpInfoURI = ''
 # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
 # DefaultCommandPrefix = ''
 }
--- a/Modules/SaltStackConfig/SaltStackConfig.psm1
+++ b/Modules/SaltStackConfig/SaltStackConfig.psm1
@@ -0,0 +1,640 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Connect-SscServer {
 <#
  .NOTES
  ===========================================================================
   Created by:	Brian Wuchner
   Date:		November 27, 2021
   Blog:		www.enterpriseadmins.org
   Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    Use this function to create the cookie/header to connect to SaltStack Config RaaS API
  .DESCRIPTION
    This function will allow you to connect to a vRealize Automation SaltStack Config RaaS API.
    A global variable will be set with the Servername & Cookie/Header value for use by other functions.
  .EXAMPLE
    PS C:\> Connect-SscServer -Server 'salt.example.com' -Username 'root' -Password 'VMware1!'
    This will default to internal user authentication.
  .EXAMPLE
    PS C:\> Connect-SscServer -Server 'salt.example.com' -Username 'bwuchner' -Password 'MyPassword1!' -AuthSource 'LAB Directory'
    This will use the 'Lab Directory' LDAP authentication source.
  .EXAMPLE
    PS C:\> Connect-SscServer -Server 'salt.example.com'
    This will prompt for credentials
  .EXAMPLE
    $creds = Get-Credential
    PS C:\> Connect-SscServer -Server 'salt.example.com' -Credential $creds -AuthSource 'LAB Directory'
    This will connect to the 'LAB Directory' LDAP authentication source using a specified credential.
 #>
  param(
    [Parameter(Mandatory=$true, Position=0)][string]$server,
    [Parameter(Mandatory=$true, ParameterSetName='PlainText', Position=1)][string]$username,
    [Parameter(Mandatory=$true, ParameterSetName='PlainText', Position=2)][ValidateNotNullOrEmpty()][string]$password,
    [Parameter(Mandatory=$false, Position=3)][string]$AuthSource='internal',
    [Parameter(Mandatory=$false, ParameterSetName='Credential')][PSCredential]$Credential,
    [Parameter(Mandatory=$false)][Switch]$SkipCertificateCheck,
    [Parameter(Mandatory=$false)][System.Net.SecurityProtocolType]$SslProtocol
  )
  if ($PSCmdlet.ParameterSetName -eq 'Credential' -AND $Credential -eq $null) { $Credential = Get-Credential}
  if ($Credential) {
    $username = $Credential.GetNetworkCredential().username
    $password = $Credential.GetNetworkCredential().password
  }
  if ($SkipCertificateCheck) {
    # This if statement is using example code from https://stackoverflow.com/questions/11696944/powershell-v3-invoke-webrequest-https-error
    add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
 "@
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
  } # end if SkipCertificate Check
  if ($SslProtocol) {
    [System.Net.ServicePointManager]::SecurityProtocol = $SslProtocol
  }
  $loginBody = @{'username'=$username; 'password'=$password; 'config_name'=$AuthSource}
  try {
    $webRequest = Invoke-WebRequest -Uri "https://$server/account/login" -SessionVariable ws
    $ws.headers.Add('X-Xsrftoken', $webRequest.headers.'x-xsrftoken')
    $webRequest = Invoke-WebRequest -Uri "https://$server/account/login" -WebSession $ws -method POST -body (ConvertTo-Json $loginBody)
    $webRequestJson = ConvertFrom-JSON $webRequest.Content
    $global:DefaultSscConnection = New-Object psobject -property @{ 'SscWebSession'=$ws; 'Name'=$server; 'ConnectionDetail'=$webRequestJson; 
      'User'=$webRequestJson.attributes.config_name +'\'+ $username; 'Authenticated'=$webRequestJson.authenticated; PSTypeName='SscConnection' }
 	  # Return the connection object
 	  $global:DefaultSscConnection
  } catch {
    Write-Error ("Failure connecting to $server. " + $_)
  } # end try/catch block
 }
 Function Disconnect-SscServer { 
 <#
  .NOTES
  ===========================================================================
   Created by:	Brian Wuchner
   Date:		November 27, 2021
   Blog:		www.enterpriseadmins.org
   Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This function clears a previously created cookie/header used to connect to SaltStack Config
  .DESCRIPTION
    This function will clear the global variable used to connect to the vRealize Automation SaltStack Config RaaS API
  .EXAMPLE
    PS C:\> Disconnect-SscServer
 #>
  if ($global:DefaultSscConnection) {
    $global:DefaultSscConnection = $null 
  } else {
    Write-Error 'Could not find an existing connection.'
  } # end if
 }
 Function Get-SscData {
 <#
  .NOTES
  ===========================================================================
   Created by:	Brian Wuchner
   Date:		November 27, 2021
   Blog:		www.enterpriseadmins.org
   Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    Use this function to call the SaltStack Config API.
    Additional helper functions will call this function, this is where the majority of the logic will happen.
  .DESCRIPTION
    This function will pass resource/method/arguments to the vRealize Automation SaltStack Config RaaS API.
    It depends on a global variable created by Connect-SscServer.
  .EXAMPLE
    PS C:\> Get-SscData -Resource 'minions' -Method 'get_minion_cache'
 #>
  param(
    [Parameter(Mandatory=$true)][string]$resource,
    [Parameter(Mandatory=$true)][string]$method,
    [System.Collections.Hashtable]$kwarg
  )
  if (!$global:DefaultSscConnection) {
    Write-Error 'You are not currently connected to any servers. Please connect first using Connect-SscServer.'
    return;
  } # end if
  if (!$kwarg) {
    $body = @{'resource'=$resource; 'method'=$method }
  } else {
    $body = @{'resource'=$resource; 'method'=$method; 'kwarg'=$kwarg }
  }
  try{
    $jsonBody = $(ConvertTo-Json $body -Depth 4 -Compress )
    write-debug "JSON Body: $jsonBody"
    $output = Invoke-WebRequest -WebSession $global:DefaultSscConnection.SscWebSession -Method POST -Uri "https://$($global:DefaultSscConnection.Name)/rpc" -body $jsonBody -ContentType 'application/json'
    $outputJson = (ConvertFrom-Json $output.Content)
    if ($outputJson.error) { Write-Error $outputJson.error }
    if ($outputJson.warnings) { Write-Warning $outputJson.warnings }
    return $outputJson.ret
  } catch {
    Write-Error $_.Exception.Message
  }
 }
 # Lets include a couple sample/helper functions wrappers
 Function Get-SscMaster {
 <#
  .NOTES
  ===========================================================================
   Created by:	Brian Wuchner
   Date:		November 27, 2021
   Blog:		www.enterpriseadmins.org
   Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will return grain details about the SaltStack Config master node.
  .DESCRIPTION
    This wrapper function will call Get-SscData master.get_master_grains.
  .EXAMPLE
    PS C:\> Get-SscMaster
 #>
  (Get-SscData master get_master_grains).salt.grains
 }
 Function Get-SscMinionCache {
 <#
  .NOTES
  ===========================================================================
   Created by:	Brian Wuchner
   Date:		November 27, 2021
   Blog:		www.enterpriseadmins.org
   Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will return the grain property cache of SaltStack Config minions.
  .DESCRIPTION
    This wrapper function will call Get-SscData minions.get_minion_cache.
  .EXAMPLE
    PS C:\> Get-SscMinion
 #>
  (Get-SscData minions get_minion_cache).results
 }
 Function Get-SscJob {
 <#
  .NOTES
  ===========================================================================
   Created by:	Brian Wuchner
   Date:		November 27, 2021
   Blog:		www.enterpriseadmins.org
   Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will return configured SatlStack Config jobs.
  .DESCRIPTION
    This wrapper function will call Get-SscData job.get_jobs.
  .EXAMPLE
    PS C:\> Get-SscJob
 #>
  (Get-SscData job get_jobs).results
 }
 Function Get-SscSchedule {
 <#
  .NOTES
  ===========================================================================
   Created by:	Brian Wuchner
   Date:		November 27, 2021
   Blog:		www.enterpriseadmins.org
   Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will return schedules for SaltStack Config.
  .DESCRIPTION
    This wrapper function will call Get-SscData schedule.get.
  .EXAMPLE
    PS C:\> Get-SscSchedule
 #>
  (Get-SscData schedule get).results
 }
 Function Get-SscReturn {
 <#
  .NOTES
  ===========================================================================
   Created by:	Brian Wuchner
   Date:		November 27, 2021
   Blog:		www.enterpriseadmins.org
   Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will return job results from the job cache based on the provided arguments.
  .DESCRIPTION
    This wrapper function will call Get-SscData ret.get_returns with either Jid or MinionID.
  .EXAMPLE
    PS C:\> Get-SscReturn
  .EXAMPLE
    PS C:\> Get-SscReturn -Jid '20211122160147314949'
  .EXAMPLE
    PS C:\> Get-SscReturn -MinionID 't147-win22-01.lab.enterpriseadmins.org'
  .EXAMPLE
    PS C:\> Get-SscReturn -MinionID 't147-win22-01.lab.enterpriseadmins.org' -Jid '20211122160147314949'
 #>
  param(
    [string]$jid,
    [string]$MinionID
  )
  $kwarg = @{}
  if ($jid) { $kwarg += @{'jid'=$jid} }
  if ($MinionID) { $kwarg += @{'minion_id'=$MinionID} }
  (Get-SscData ret get_returns $kwarg).results
 }
 Function Get-SscActivity {
 <#
  .NOTES
  ===========================================================================
   Created by:	Brian Wuchner
   Date:		November 27, 2021
   Blog:		www.enterpriseadmins.org
   Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will return SaltStack Config commands that have been issued.
    In the web interface this is similar to the Activity button.
  .DESCRIPTION
    This wrapper function will call Get-SscData cmd.get_cmds.
  .EXAMPLE
    PS C:\> Get-SscActivity
 #>
  (Get-SscData cmd get_cmds).results
 }
 Function Get-SscFile {
 <#
  .NOTES
  ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 12, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will return file contents from the file server based on the provided arguments.
  .DESCRIPTION
    This wrapper function will call Get-SscData fs get_file and pass in specified saltenv and path parameters.
  .EXAMPLE
    PS C:\> Get-SscFile -saltenv 'sse' -path '/myfiles/file.sls'
  .EXAMPLE
    PS C:\> Get-SscFile -fileuuid '5e2483e8-a981-4e8c-9e83-01d1930413db'
 #>
  param(
    [Parameter(Mandatory=$true, ParameterSetName='ByFileUUID', ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)][Alias('fileuuid')][string]$uuid,
    [Parameter(Mandatory=$true, ParameterSetName='ByFilePath')][string]$saltenv,
    [Parameter(Mandatory=$true, ParameterSetName='ByFilePath')][string]$path
  )
  $kwarg = @{}
  if ($uuid) { $kwarg += @{'file_uuid'=$uuid } }
  if ($saltenv) {
    $kwarg += @{'saltenv'=$saltenv}
    $kwarg += @{'path'=$path}
  }
  if ( Get-SscData fs file_exists $kwarg ) {
    Get-SscData fs get_file $kwarg
  } else {
    if ($uuid) { Write-Error "File with UUID: $uuid not found." } else { Write-Error "File at path $saltenv $path not found." }
  }
 }
 Function Set-SscFile {
 <#
  .NOTES
  ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 12, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will update file contents on the file server based on the provided arguments.
  .DESCRIPTION
    This wrapper function will call Get-SscData fs update_file and pass in specified fileuuid or saltenv and path parameters.
  .EXAMPLE
    PS C:\> Set-SscFile -saltenv 'sse' -path '/myfiles/file.sls' "#This is my content. `n#And so is this"
  .EXAMPLE
    PS C:\> Get-SscFile -saltenv 'sse' -path '/myfiles/file.sls' | Set-SscFile -contenttype 'text/x-yaml'
 #>
  [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact='High')]
  param(
    [Parameter(Mandatory=$true, ParameterSetName='ByFileUUID', ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)][Alias('fileuuid')][string]$uuid,
    [Parameter(Mandatory=$true, ParameterSetName='ByFilePath')][string]$saltenv,
    [Parameter(Mandatory=$true, ParameterSetName='ByFilePath')][string]$path,
    [string]$content,
    [ValidateSet('text/plain','text/x-python','application/json','text/x-yaml')][string]$contenttype
  )
  $kwarg = @{}
  if ($uuid) { $kwarg += @{'file_uuid'=$uuid } }
  if ($saltenv) {
    $kwarg += @{'saltenv'=$saltenv}
    $kwarg += @{'path'=$path}
  }
  # if the file exists, get its contents based on the correct parameterset.  If it does not exist recommend the correct function.
  if ( Get-SscData fs file_exists $kwarg ) {
    if ( $PSCmdlet.ParameterSetName -eq 'ByFileUUID' ) {
      $currentFile = Get-SscFile -fileuuid $uuid
    } else {
      $currentFile = Get-SscFile -saltenv $saltenv -path $path
    }
  } else {
    Write-Error "Specified file does not exist, use New-SscFile instead."
    return $null
  }
  if (!$content) { $content = $currentFile.contents }
  $kwarg += @{'contents'=$content}
  if (!$contenttype) { $contenttype = $currentfile.content_type }
  $kwarg += @{'content_type'=$contenttype}
  if ($PSCmdlet.ShouldProcess( "$($currentFile.saltenv)$($currentFile.path) ($($currentFile.uuid))" , 'update')) {
    Get-SscData fs update_file $kwarg
  }
 }
 Function New-SscFile {
 <#
  .NOTES
  ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 12, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will create a new file on the file server based on the provided arguments.
  .DESCRIPTION
    This wrapper function will call Get-SscData fs save_file and pass in specified saltenv and path parameters.
  .EXAMPLE
    PS C:\> New-SscFile -saltenv 'sse' -path '/myfiles/file.sls' -content '#this is my file content' -contenttype 'text/plain'
 #>
  param(
    [Parameter(Mandatory=$true)][string]$saltenv,
    [Parameter(Mandatory=$true)][string]$path,
    [string]$content,
    [ValidateSet('text/plain','text/x-python','application/json','text/x-yaml')][string]$contenttype
  )
  $kwarg = @{}
  $kwarg += @{'saltenv'=$saltenv}
  $kwarg += @{'path'=$path}
  # if the file exists, get its contents based on the correct parameterset.  If it does not exist recommend the correct function.
  if ( Get-SscData fs file_exists $kwarg ) {
    Write-Error "Specified file already exists, use Set-SscFile instead."
    return $null
  }
  if ($content) { $kwarg += @{'contents'=$content} }
  if ($contenttype) {
    # if a contenttype is passed to the function we'll use it
    $kwarg += @{'content_type'=$contenttype}
  } else {
    # and finally we'll default to text
    $kwarg += @{'content_type' = 'text/plain' }
  }
  Get-SscData fs save_file $kwarg
 }
 Function Remove-SscFile {
 <#
  .NOTES
  ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 12, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will delete a specified file from the file server based on the provided arguments.
  .DESCRIPTION
    This wrapper function will call Get-SscData fs delete_file and pass in specified fileuuid or saltenv and path parameters.
  .EXAMPLE
    PS C:\> Remove-SscFile -saltenv 'sse' -path '/myfiles/file.sls'
  .EXAMPLE
    PS C:\> Get-SscFile -saltenv 'sse' -path '/myfiles/file.sls' | Remove-SscFile
 #>
  [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact='High')]
  param(
    [Parameter(Mandatory=$true, ParameterSetName='ByFileUUID', ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)][Alias('fileuuid')][string]$uuid,
    [Parameter(Mandatory=$true, ParameterSetName='ByFilePath')][string]$saltenv,
    [Parameter(Mandatory=$true, ParameterSetName='ByFilePath')][string]$path
  )
  $kwarg = @{}
  if ($uuid) { $kwarg += @{'file_uuid'=$uuid } }
  if ($saltenv) {
    $kwarg += @{'saltenv'=$saltenv}
    $kwarg += @{'path'=$path}
  }
  if ( Get-SscData fs file_exists $kwarg ) {
    if ($PSCmdlet.ShouldProcess( $(if ($uuid) {$uuid} else {"$saltenv $path"}) , 'delete')) {
      Get-SscData fs delete_file $kwarg
    }
  } else {
    Write-Error "Specified file does not exist."
    return $null
  }
 }
 Function Get-SscLicense {
 <#
  .NOTES
  ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 12, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will return license information for SaltStack Config.
  .DESCRIPTION
    This wrapper function will call Get-SscData license.get_current_license and return the desc property.
  .EXAMPLE
    PS C:\> Get-SscLicense
 #>
  (Get-SscData license get_current_license).desc
 }
 Function Get-SscvRALicense {
 <#
  .NOTES
  ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 12, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
  ===========================================================================
  .SYNOPSIS
    This wrapper function will return vRealize Automation license information for SaltStack Config.
  .DESCRIPTION
    This wrapper function will call Get-SscData license.get_vra_license and return the serial and edition property.
  .EXAMPLE
    PS C:\> Get-SscvRALicense
 #>
  Get-SscData license get_vra_license
 }
 Function Get-SscMinionKey {
  <#
    .NOTES
    ===========================================================================
      Created by:	Brian Wuchner
      Date:		February 12, 2022
      Blog:		www.enterpriseadmins.org
      Twitter:		@bwuch
    ===========================================================================
    .SYNOPSIS
      This wrapper function will return minion key state information for SaltStack Config.
    .DESCRIPTION
      This wrapper function will call Get-SscData minions.get_minion_key_state and return the minions key states.  
      Optionally a key state can be provided and the results will be filtered to only return the requested state.
    .EXAMPLE
      PS C:\> Get-SscMinionKeyState
    .EXAMPLE
      PS C:\> Get-SscMinionKeyState -key_state pending
  #>
  param(
    [ValidateSet('accepted','rejected','pending','denied')][string]$state
  )
  $kwarg = @{}
  if ($state) { $kwarg.add('key_state',$state) }
  (Get-SscData minions get_minion_key_state $kwarg).results
 }
 Function Set-SscMinionKey {
  <#
    .NOTES
    ===========================================================================
      Created by:	Brian Wuchner
      Date:		February 12, 2022
      Blog:		www.enterpriseadmins.org
      Twitter:		@bwuch
    ===========================================================================
    .SYNOPSIS
      This wrapper function will set minion key state information for SaltStack Config.
    .DESCRIPTION
      This wrapper function will call Get-SscData minions.set_minion_key_state and update the states for specific minions.  
    .EXAMPLE
      PS C:\> Get-SscMinionKeyState |?{$_.name -eq 'server2022a'} | Set-SscMinionKeyState -state accept
    .EXAMPLE
      PS C:\> Set-SscMinionKeyState -master 'salt' -minion 'server2022a' -state reject -confirm:$false
  #>
  [cmdletbinding(SupportsShouldProcess)]
  param(
    [Parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)][string]$master,
    [Parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)][string]$minion,
    [Parameter(Mandatory, ParameterSetName='accept')][switch]$accept,
    [Parameter(Mandatory, ParameterSetName='reject')][switch]$reject
  )
  begin {
    $collection = @()
  }
  process {
    if ($PSCmdlet.ParameterSetName -eq 'accept') { $state = 'accept'}
    if ($PSCmdlet.ParameterSetName -eq 'reject') { $state = 'reject'}
    if ($PSCmdlet.ShouldProcess("$master : $minion" , $state)) {
      $collection += ,@($master, $minion)
    }
  }
  end {
    $kwarg = @{}
    $kwarg.Add('state', $state)
    if ($state -eq 'reject') {$kwarg.Add('include_accepted', $true)}
    if ($state -eq 'accept') {$kwarg.Add('include_rejected', $true)}
    if ($state -eq 'accept' -OR $state -eq 'reject') {$kwarg.Add('include_denied',$true)}
    $kwarg.Add('minions', @( $collection ) )
    (Get-SscData minions set_minion_key_state $kwarg).task_ids
  }
 }
 Function Remove-SscMinionKey {
  <#
    .NOTES
    ===========================================================================
      Created by:	Brian Wuchner
      Date:		February 12, 2022
      Blog:		www.enterpriseadmins.org
      Twitter:		@bwuch
    ===========================================================================
    .SYNOPSIS
      This wrapper function will delete a minion key for SaltStack Config.
    .DESCRIPTION
      This wrapper function will call Get-SscData minions.set_minion_key_state and remove the specified minion keys.  
    .EXAMPLE
      PS C:\> Get-SscMinionKeyState |?{$_.name -eq 'server2022a'} | Remove-SscMinionKeyState
    .EXAMPLE
      PS C:\> Remove-SscMinionKeyState -master 'salt' -minion 'server2022a' -confirm:$false
  #>
  [cmdletbinding(SupportsShouldProcess=$true,ConfirmImpact='High')]
  param(
    [Parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)][string]$master,
    [Parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)][string]$minion
  )
  begin {
    $collection = @()
  }
  process {
    if ($PSCmdlet.ShouldProcess("$master : $minion" , 'delete')) {
      $collection += ,@($master, $minion)
    }
  }
  end {
    $kwarg = @{}
    $kwarg.Add('state','delete')
    $kwarg.Add('minions', @( $collection ) )
    (Get-SscData minions set_minion_key_state $kwarg).task_ids
  }
 }
--- a/Modules/Start-UNMAP/Start-UNMAP.psm1
+++ b/Modules/Start-UNMAP/Start-UNMAP.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Start-UNMAP {
 <#
 	.SYNOPSIS
--- a/Modules/VAMI/VAMI.psm1
+++ b/Modules/VAMI/VAMI.psm1
@@ -1,4 +1,9 @@
-Function Get-VAMISummary {
+<#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Get-VAMISummary {
 <#
    .NOTES
    ===========================================================================
@@ -17,7 +22,7 @@
        Get-VAMISummary
 #>
    $systemVersionAPI = Get-CisService -Name 'com.vmware.appliance.system.version'
-    $results = $systemVersionAPI.get() | select product, type, version, build, install_time
+    $results = $systemVersionAPI.get() | select product, type, version, build, install_time, releasedate
    $systemUptimeAPI = Get-CisService -Name 'com.vmware.appliance.system.uptime'
    $ts = [timespan]::fromseconds($systemUptimeAPI.get().toString())
@@ -29,6 +34,7 @@
        Version = $results.version;
        Build = $results.build;
        InstallTime = $results.install_time;
        ReleaseDate = $results.releasedate;
        Uptime = $uptime
    }
    $summaryResult
@@ -109,6 +115,7 @@ Function Get-VAMIAccess {
        Console = $consoleAccess;
        DCUI = $dcuiAccess;
        BashShell = $shellAccess.enabled;
        BashTimeout = $shellAccess.timeout;
        SSH = $sshAccess
    }
    $accessResult
@@ -122,7 +129,10 @@ Function Get-VAMITime {
     Organization:  VMware
     Blog:          www.virtuallyghetto.com
     Twitter:       @lamw
-	===========================================================================
+     Modifed by:    Michael Dunsdon
     Twitter:      @MJDunsdon
     Date:         September 16, 2020
    ===========================================================================
    .SYNOPSIS
        This function retrieves the time and NTP info from VAMI interface (5480)
        for a VCSA node which can be an Embedded VCSA, External PSC or External VCSA.
@@ -131,12 +141,16 @@ Function Get-VAMITime {
    .EXAMPLE
        Connect-CisServer -Server 192.168.1.51 -User administrator@vsphere.local -Password VMware1!
        Get-VAMITime
    .NOTES
        Modified script to account for Newer VCSA. Script supports 6.5 and 6.7 VCSAs
 #>
-    $systemTimeAPI = Get-CisService -Name 'com.vmware.appliance.system.time'
+    $systemTimeAPI = ( Get-VAMIServiceAPI -NameFilter "system.time")
    $timeResults = $systemTimeAPI.get()
-    $timeSync = (Get-CisService -Name 'com.vmware.appliance.techpreview.timesync').get()
+    $timeSyncMode = ( Get-VAMIServiceAPI -NameFilter "timesync").get()
-    $timeSyncMode = $timeSync.mode
+    if ($timeSyncMode.mode) {
        $timeSyncMode = $timeSync.mode
    }
    $timeResult  = [pscustomobject] @{
        Timezone = $timeResults.timezone;
@@ -148,13 +162,84 @@ Function Get-VAMITime {
    }
    if($timeSyncMode -eq "NTP") {
-        $ntpServers = (Get-CisService -Name 'com.vmware.appliance.techpreview.ntp').get()
+        $ntpServers = ( Get-VAMIServiceAPI -NameFilter "ntp").get()
-        $timeResult.NTPServers = $ntpServers.servers
+        if ($ntpServers.servers) {
-        $timeResult.NTPStatus = $ntpServers.status
+            $timeResult.NTPServers = $ntpServers.servers
            $timeResult.NTPStatus = $ntpServers.status
        } else {
            $timeResult.NTPServers = $ntpServers
            $timeResult.NTPStatus = ( Get-VAMIServiceAPI -NameFilter "ntp").test(( Get-VAMIServiceAPI -NameFilter "ntp").get()).status
        }
    }
    $timeResult
 }
 Function Set-VAMITimeSync {
 <#
    .NOTES
    ===========================================================================
     Inspired by:   William Lam
     Organization:  VMware
     Blog:          www.virtuallyghetto.com
     Twitter:       @lamw
     Created by:    Michael Dunsdon
     Twitter:       @MJDunsdon
     Date:          September 21, 2020
    ===========================================================================
    .SYNOPSIS
        This function sets the time and NTP info from VAMI interface (5480)
        for a VCSA node which can be an Embedded VCSA, External PSC or External VCSA.
    .DESCRIPTION
        Function to return current Time and NTP information
    .EXAMPLE
        Connect-CisServer -Server 192.168.1.51 -User administrator@vsphere.local -Password VMware1!
        Set-VAMITimeSync -SyncMode "NTP" -TimeZone "US/Pacific" -NTPServers "10.0.0.10,10.0.0.11,10.0.0.12"
    .NOTES
        Create script to Set NTP for Newer VCSA. Script supports 6.7 VCSAs
 #>
    param(
        [Parameter(Mandatory=$true)]
        [ValidateSet('Disabled', 'NTP', 'Host')]
        [String]$SyncMode,
        [Parameter(Mandatory=$False,HelpMessage="TimeZone Name needs to be in Posix Naming / Unix format")]
        [String]$TimeZone,
        [Parameter(Mandatory=$false,HelpMessage="NTP Servers need to be either a string separated by ',' or an array of servers")]
        $NTPServers
    )
    $timeSyncMode = ( Get-VAMIServiceAPI -NameFilter "timesync").get()
    if ($timeSyncMode.gettype().name -eq "PSCustomObject") {
        if ($SyncMode.ToUpper() -ne $timeSyncMode.mode.toupper()) {
          $timesyncapi = (Get-VAMIServiceAPI -NameFilter "timesync")
          $timesyncconfig = $timesyncapi.help.set.config.createexample()
          $timesyncconfig = $Sync
          $timesyncapi.set($timesyncconfig)
        }
    } else {
        if ($SyncMode.ToUpper() -ne $timeSyncMode.toupper()) {
            $timesyncapi = (Get-VAMIServiceAPI -NameFilter "timesync")
            $timesyncapi.set($Sync)
        }
        if ($NTPServers) {
            $ntpapi = (Get-VAMIServiceAPI -NameFilter "ntp")
            if ($NTPServers.gettype().Name -eq "String") {
                $NTPServersArray = ($NTPServers -split ",").trim()
            } else {
                 $NTPServersArray = $NTPServers
            }
            if ($NTPServersArray -ne $ntpapi.get()) {
                $ntpapi.set($NTPServersArray)
            }
        }
        if ($TimeZone) {
            $timezoneapi = (Get-VAMIServiceAPI -NameFilter "timezone")
            if ($TimeZone -ne ($timezoneapi.get())) {
                $timezoneapi.set($TimeZone)
            }
        }
    }
 }
 Function Get-VAMINetwork {
 <#
    .NOTES
@@ -163,6 +248,9 @@ Function Get-VAMINetwork {
     Organization:  VMware
     Blog:          www.virtuallyghetto.com
     Twitter:       @lamw
     Modifed by:    Michael Dunsdon, Mathieu Allegret
     Twitter:      @MJDunsdon
     Date:         September 21, 2020
 	===========================================================================
    .SYNOPSIS
        This function retrieves network information from VAMI interface (5480)
@@ -172,31 +260,35 @@ Function Get-VAMINetwork {
    .EXAMPLE
        Connect-CisServer -Server 192.168.1.51 -User administrator@vsphere.local -Password VMware1!
        Get-VAMINetwork
    .NOTES
        Modified script to account for Newer VCSA. Script supports 6.5 and 6.7 VCSAs
 #>
    $netResults = @()
-    $Hostname = (Get-CisService -Name 'com.vmware.appliance.networking.dns.hostname').get()
+    $Hostname = (Get-VAMIServiceAPI -NameFilter "dns.hostname").get()
-    $dns = (Get-CisService -Name 'com.vmware.appliance.networking.dns.servers').get()
+    $dns = (Get-VAMIServiceAPI -NameFilter "dns.servers").get()
-    Write-Host "Hostname: " $hostname
+    $interfaces = (Get-VAMIServiceAPI -NameFilter "interfaces").list()
    Write-Host "DNS Servers: " $dns.servers
    $interfaces = (Get-CisService -Name 'com.vmware.appliance.networking.interfaces').list()
    foreach ($interface in $interfaces) {
-        $ipv4API = (Get-CisService -Name 'com.vmware.appliance.techpreview.networking.ipv4')
+        $ipv4API = (Get-VAMIServiceAPI -NameFilter "ipv4")
-        $spec = $ipv4API.Help.get.interfaces.CreateExample()
+        if ($ipv4API.help.get.psobject.properties.name -like "*_*") {
-        $spec+= $interface.name
+            $ipv4result = $ipv4API.get($interface.Name)
-        $ipv4result = $ipv4API.get($spec)
+            $Updateable = $ipv4result.configurable
-
+        } else {
            $ipv4result = $ipv4API.get(@($interface.Name))
            $Updateable = $ipv4result.updateable
        }
        $interfaceResult = [pscustomobject] @{
-            Inteface =  $interface.name;
+	    Hostname = $Hostname
-            MAC = $interface.mac;
+            Inteface = $interface.name
-            Status = $interface.status;
+            MAC = $interface.mac
-            Mode = $ipv4result.mode;
+            Status = $interface.status
-            IP = $ipv4result.address;
+            Mode = $ipv4result.mode
-            Prefix = $ipv4result.prefix;
+            IP = $ipv4result.address
-            Gateway = $ipv4result.default_gateway;
+            Prefix = $ipv4result.prefix
-            Updateable = $ipv4result.updateable
+            Gateway = $ipv4result.default_gateway
 	    DNSServers = $dns.servers
            Updateable = $Updateable
        }
        $netResults += $interfaceResult
    }
@@ -224,8 +316,8 @@ Function Get-VAMIDisks {
    $storageAPI = Get-CisService -Name 'com.vmware.appliance.system.storage'
    $disks = $storageAPI.list()
-    foreach ($disk in $disks | sort {[int]$_.disk.toString()}) {
+    foreach ($disk in $disks | Sort-Object {[int]$_.disk.toString()}) {
-        $disk | Select Disk, Partition
+        $disk | Select-Object Disk, Partition
    }
 }
@@ -286,6 +378,9 @@ Function Get-VAMIStorageUsed {
     Organization:  VMware
     Blog:          www.virtuallyghetto.com
     Twitter:       @lamw
     Modifed by:    Michael Dunsdon
     Twitter:      @MJDunsdon
     Date:         September 16, 2020
 	===========================================================================
    .SYNOPSIS
        This function retrieves the individaul OS partition storage utilization
@@ -295,70 +390,49 @@ Function Get-VAMIStorageUsed {
    .EXAMPLE
        Connect-CisServer -Server 192.168.1.51 -User administrator@vsphere.local -Password VMware1!
        Get-VAMIStorageUsed
    .NOTES
        Modified script to account for Newer VCSA. Script supports 6.5 and 6.7 VCSAs.
        Also modifed the static list of filesystems to be more dynamic in nature to account for the differences in VCSA versions.
 #>
    $monitoringAPI = Get-CisService 'com.vmware.appliance.monitoring'
    $querySpec = $monitoringAPI.help.query.item.CreateExample()
    # List of IDs from Get-VAMIStatsList to query
-    $querySpec.Names = @(
+    $querySpec.Names = ($monitoringAPI.list() | Where-Object {($_.name -like "*storage.used.filesystem*") -or ($_.name -like "*storage.totalsize.filesystem*") } | Select-Object id | Sort-Object -Property id).id.value
    "storage.used.filesystem.autodeploy",
    "storage.used.filesystem.boot",
    "storage.used.filesystem.coredump",
    "storage.used.filesystem.imagebuilder",
    "storage.used.filesystem.invsvc",
    "storage.used.filesystem.log",
    "storage.used.filesystem.netdump",
    "storage.used.filesystem.root",
    "storage.used.filesystem.updatemgr",
    "storage.used.filesystem.vcdb_core_inventory",
    "storage.used.filesystem.vcdb_seat",
    "storage.used.filesystem.vcdb_transaction_log",
    "storage.totalsize.filesystem.autodeploy",
    "storage.totalsize.filesystem.boot",
    "storage.totalsize.filesystem.coredump",
    "storage.totalsize.filesystem.imagebuilder",
    "storage.totalsize.filesystem.invsvc",
    "storage.totalsize.filesystem.log",
    "storage.totalsize.filesystem.netdump",
    "storage.totalsize.filesystem.root",
    "storage.totalsize.filesystem.updatemgr",
    "storage.totalsize.filesystem.vcdb_core_inventory",
    "storage.totalsize.filesystem.vcdb_seat",
    "storage.totalsize.filesystem.vcdb_transaction_log"
    )
    # Tuple (Filesystem Name, Used, Total) to store results
    $storageStats = @{
    "archive"=@{"name"="/storage/archive";"used"=0;"total"=0};
    "autodeploy"=@{"name"="/storage/autodeploy";"used"=0;"total"=0};
    "boot"=@{"name"="/boot";"used"=0;"total"=0};
-    "coredump"=@{"name"="/storage/core";"used"=0;"total"=0};
+    "core"=@{"name"="/storage/core";"used"=0;"total"=0};
    "imagebuilder"=@{"name"="/storage/imagebuilder";"used"=0;"total"=0};
    "invsvc"=@{"name"="/storage/invsvc";"used"=0;"total"=0};
    "log"=@{"name"="/storage/log";"used"=0;"total"=0};
    "netdump"=@{"name"="/storage/netdump";"used"=0;"total"=0};
    "root"=@{"name"="/";"used"=0;"total"=0};
    "updatemgr"=@{"name"="/storage/updatemgr";"used"=0;"total"=0};
-    "vcdb_core_inventory"=@{"name"="/storage/db";"used"=0;"total"=0};
+    "db"=@{"name"="/storage/db";"used"=0;"total"=0};
-    "vcdb_seat"=@{"name"="/storage/seat";"used"=0;"total"=0};
+    "seat"=@{"name"="/storage/seat";"used"=0;"total"=0};
-    "vcdb_transaction_log"=@{"name"="/storage/dblog";"used"=0;"total"=0}
+    "dblog"=@{"name"="/storage/dblog";"used"=0;"total"=0};
    "swap"=@{"name"="swap";"used"=0;"total"=0}
    }
    $querySpec.interval = "DAY1"
    $querySpec.function = "MAX"
-    $querySpec.start_time = ((get-date).AddDays(-1))
+    $querySpec.start_time = ((Get-Date).AddDays(-1))
    $querySpec.end_time = (Get-Date)
-    $queryResults = $monitoringAPI.query($querySpec) | Select * -ExcludeProperty Help
+    $queryResults = $monitoringAPI.query($querySpec) | Select-Object * -ExcludeProperty Help
    foreach ($queryResult in $queryResults) {
        # Update hash if its used storage results
        $key = ((($queryResult.name).toString()).split(".")[-1]) -replace "coredump","core" -replace "vcdb_","" -replace "core_inventory","db" -replace "transaction_log","dblog"
        $value = [Math]::Round([int]($queryResult.data[1]).toString()/1MB,2)
        if($queryResult.name -match "used") {
            $key = (($queryResult.name).toString()).split(".")[-1]
            $value = [Math]::Round([int]($queryResult.data[1]).toString()/1MB,2)
            $storageStats[$key]["used"] = $value
        # Update hash if its total storage results
        } else {
            $key = (($queryResult.name).toString()).split(".")[-1]
            $value = [Math]::Round([int]($queryResult.data[1]).toString()/1MB,2)
            $storageStats[$key]["total"] = $value
        }
    }
@@ -406,7 +480,6 @@ Function Get-VAMIService {
    if($Name -ne "") {
        $vMonAPI = Get-CisService 'com.vmware.appliance.vmon.service'
        try {
            $serviceStatus = $vMonAPI.get($name,0)
            $serviceString = [pscustomobject] @{
@@ -423,7 +496,6 @@ Function Get-VAMIService {
    } else {
        $vMonAPI = Get-CisService 'com.vmware.appliance.vmon.service'
        $services = $vMonAPI.list_details()
        $serviceResult = @()
        foreach ($key in $services.keys | Sort-Object -Property Value) {
            $serviceString = [pscustomobject] @{
@@ -448,7 +520,7 @@ Function Start-VAMIService {
     Organization:  VMware
     Blog:          www.virtuallyghetto.com
     Twitter:       @lamw
-	===========================================================================
+    ===========================================================================
    .SYNOPSIS
        This function retrieves list of services in VAMI interface (5480)
        for a VCSA node which can be an Embedded VCSA, External PSC or External VCSA.
@@ -470,8 +542,8 @@ Function Start-VAMIService {
    $vMonAPI = Get-CisService 'com.vmware.appliance.vmon.service'
    try {
-        Write-Host "Starting $name service ..."
+        Write-Host "Starting $Name service ..."
-        $vMonAPI.start($name)
+        $vMonAPI.start($Name)
    } catch {
        Write-Error $Error[0].exception.Message
    }
@@ -507,8 +579,8 @@ Function Stop-VAMIService {
    $vMonAPI = Get-CisService 'com.vmware.appliance.vmon.service'
    try {
-        Write-Host "Stopping $name service ..."
+        Write-Host "Stopping $Name service ..."
-        $vMonAPI.stop($name)
+        $vMonAPI.stop($Name)
    } catch {
        Write-Error $Error[0].exception.Message
    }
@@ -556,15 +628,20 @@ Function Get-VAMIUser {
     Organization:  VMware
     Blog:          www.virtuallyghetto.com
     Twitter:       @lamw
-	===========================================================================
+     Modifed by:    Michael Dunsdon
-	.SYNOPSIS
+     Twitter:      @MJDunsdon
-		This function retrieves VAMI local users using VAMI interface (5480)
+     Date:         September 16, 2020
    ===========================================================================
    .SYNOPSIS
        This function retrieves VAMI local users using VAMI interface (5480)
        for a VCSA node which can be an Embedded VCSA, External PSC or External VCSA.
-	.DESCRIPTION
+    .DESCRIPTION
-		Function to retrieve VAMI local users
+        Function to retrieve VAMI local users
-	.EXAMPLE
+    .EXAMPLE
        Connect-CisServer -Server 192.168.1.51 -User administrator@vsphere.local -Password VMware1!
        Get-VAMIUser
    .NOTES
        Modified script to account for Newer VCSA. Script supports 6.5 and 6.7 VCSAs.
 #>
    param(
        [Parameter(
@@ -575,42 +652,57 @@ Function Get-VAMIUser {
        [String]$Name
    )
-    $userAPI = Get-CisService 'com.vmware.appliance.techpreview.localaccounts.user'
+    $userAPI = Get-VAMIServiceAPI -NameFilter "accounts"
    $UserResults = @()
-    $userResults = @()
+    # Get a list of users
    try {
        $Users = $UserAPI.list()
    } catch {
        write-error $_
    }
-    if($Name -ne "") {
+    # Apply filtering if Name input is provided
-        try {
+    if ($Name -ne '' -AND $Name -ne $null) {
-            $user = $userAPI.get($name)
+        # For 6.5 API, the username is part of the list returnset; for 6.7/7.x API the value from the list is the username. Because of this we will use an OR filter to account for either case.
        $Users = $Users | Where-Object {$_.username -eq $name -OR $_.value -eq $name}
    }
-            $userString = [pscustomobject] @{
+    if ($Users.status) {
-                User = $user.username
+        # This is for 6.5 API, which has a status property; in newer API response there is an enabled property with values of True/False
-                Name = $user.fullname
+        foreach ($User in $Users) {
-                Email = $user.email
+            $UserString = [pscustomobject] @{
-                Status = $user.status
+                User = $User.username
-                PasswordStatus = $user.passwordstatus
+                Name = $User.fullname
-                Role = $user.role
+                Email = $User.email
                Enabled = if ($User.status -eq 'enabled' ) { $true } else { $false }
                Status = $User.status
                LastPasswordChange = $null
                PasswordExpiresAt = $null
                PasswordStatus = $User.passwordstatus
                Roles = @($User.role)
            }
-            $userResults += $userString
+            $UserResults += $UserString
        } catch {
            Write-Error $Error[0].exception.Message
        }
    } else {
-        $users = $userAPI.list()
+        # This is for 6.7/7.0+ API response
-
+        foreach ($User in $Users) {
-        foreach ($user in $users) {
+            $UserInfo = $userAPI.get($User.Value)
-            $userString = [pscustomobject] @{
+            $UserString = [pscustomobject] @{
-                User = $user.username
+                User = $User.value
-                Name = $user.fullname
+                Name = $UserInfo.fullname
-                Email = $user.email
+                Email = $UserInfo.email
-                Status = $user.status
+                Enabled = $UserInfo.enabled
-                PasswordStatus = $user.passwordstatus
+                Status = if ($userInfo.enabled ) { 'enabled' } else { 'disabled' }
-                Role = $user.role
+                LastPasswordChange = $UserInfo.last_password_change
                PasswordExpiresAt = $UserInfo.password_expires_at
                PasswordStatus = if ($UserInfo.has_password) { if ((!!$UserInfo.password_expires_at) -and ( (Get-Date) -lt [datetime]$UserInfo.password_expires_at)) {'valid'} else {'expired'}} else { 'notset'}
                Roles = $UserInfo.roles
            }
-            $userResults += $userString
+            $UserResults += $UserString
        }
    }
-    $userResults
+    $UserResults
 }
 Function New-VAMIUser {
@@ -621,53 +713,148 @@ Function New-VAMIUser {
     Organization:  VMware
     Blog:          www.virtuallyghetto.com
     Twitter:       @lamw
-	===========================================================================
+     Modifed by:    Michael Dunsdon
-	.SYNOPSIS
+     Twitter:       @MJDunsdon
-		This function to create new VAMI local user using VAMI interface (5480)
+     Date:          September 16, 2020
    ===========================================================================
    .SYNOPSIS
        This function to create new VAMI local user using VAMI interface (5480)
        for a VCSA node which can be an Embedded VCSA, External PSC or External VCSA.
-	.DESCRIPTION
+    .DESCRIPTION
-		Function to create a new VAMI local user
+        Function to create a new VAMI local user
-	.EXAMPLE
+    .EXAMPLE
        Connect-CisServer -Server 192.168.1.51 -User administrator@vsphere.local -Password VMware1!
-        New-VAMIUser -name lamw -fullname "William Lam" -role "operator" -email "lamw@virtuallyghetto.com" -password "VMware1!"
+        New-VAMIUser -name lamw -fullname "William Lam" -role "operator" -email "lamw@virtuallyghetto.com" -password "VMware1!" -passwordexpires  -passwordexpiresat "1/1/1970" -maxpasswordage 90
    .NOTES
        Modified script to account for Newer VCSA. Script supports 6.5 and 6.7 VCSAs.
        Also added new Parameters to script.
 #>
    param(
-        [Parameter(
+        [Parameter(Mandatory=$true)]
-            Mandatory=$true)
+        [String]$Name,
-        ]
+        [Parameter(Mandatory=$true)]
-        [String]$name,
+        [String]$FullName,
-        [Parameter(
+        [Parameter(Mandatory=$true)]
-            Mandatory=$true)
+        [ValidateSet("admin","operator","superAdmin")]
-        ]
+        [String]$Role,
-        [String]$fullname,
+        [Parameter(Mandatory=$false)]
-        [Parameter(
+        [String]$Email="",
-            Mandatory=$true)
+        [Parameter(Mandatory=$true)]
-        ]
+        [String]$Password,
-        [ValidateSet("admin","operator","superAdmin")][String]$role,
+        [Parameter(Mandatory=$false)]
-        [Parameter(
+        [switch]$PasswordExpires,
-            Mandatory=$false)
+        [Parameter(Mandatory=$false)]
-        ]
+        [String]$PasswordExpiresAt = $null,
-        [String]$email="",
+        [Parameter(Mandatory=$false)]
-        [Parameter(
+        [String]$MaxPasswordAge = 90
            Mandatory=$true)
        ]
        [String]$password
    )
-    $userAPI = Get-CisService 'com.vmware.appliance.techpreview.localaccounts.user'
+    $userAPI = Get-VAMIServiceAPI -NameFilter "accounts"
-    $createSpec = $userAPI.Help.add.config.CreateExample()
+    if ($userAPI.name -eq 'com.vmware.appliance.techpreview.localaccounts.user') {
        $CreateSpec = $UserAPI.Help.add.config.Create()
    } else {
        $CreateSpec = $UserAPI.Help.create.config.Create()
    }
-    $createSpec.username = $name
+    $CreateSpec.email = $Email
-    $createSpec.fullname = $fullname
+    $CreateSpec.password = [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$Password
    $createSpec.role = $role
    $createSpec.email = $email
    $createSpec.password = [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$password
-    try {
+    if ($CreateSpec.psobject.properties.name -contains "username") {
-        Write-Host "Creating new user $name ..."
+        # This is for 6.5 API
-        $userAPI.add($createSpec)
+        $CreateSpec.username = $Name
-    } catch {
+        $CreateSpec.fullname = $FullName
-        Write-Error $Error[0].exception.Message
+        $CreateSpec.role = $Role
        try {
            Write-Host "Creating new user $Name ..."
            $UserAPI.add($CreateSpec)
        } catch {
            Write-Error $Error[0].exception.Message
        }
    } else {
        # This is for 6.7/7.0+ API
        $CreateSpec.full_name = $FullName
        $CreateSpec.roles = @($Role)
        $CreateSpec.password_expires = [string]$PasswordExpires
        $CreateSpec.password_expires_at = $PasswordExpiresAt
        $CreateSpec.max_days_between_password_change = $MaxPasswordAge
        try {
            Write-Host "Creating new user $Name ..."
            $UserAPI.create($Name, $CreateSpec)
        } catch {
            Write-Error $_
        }
    }
 }
 Function Update-VAMIUser {
 <#
    .NOTES
    ===========================================================================
     Inspired by:    William Lam
     Organization:  VMware
     Blog:          www.virtuallyghetto.com
     Twitter:       @lamw
     Created by:    Michael Dunsdon
     Twitter:      @MJDunsdon
     Date:         September 21, 2020
    ===========================================================================
    .SYNOPSIS
        This function to update fields of a VAMI local user using VAMI interface (5480)
        for a VCSA node which can be an Embedded VCSA, External PSC or External VCSA.
    .DESCRIPTION
        Function to update fields of a VAMI local user
    .EXAMPLE
        Connect-CisServer -Server 192.168.1.51 -User administrator@vsphere.local -Password VMware1!
        Update-VAMIUser -name lamw -fullname "William Lam" -role "operator" -email "lamw@virtuallyghetto.com" -password "VMware1!" -passwordexpires  -passwordexpiresat "1/1/1970" -maxpasswordage 90
    .NOTES
        Created script to allow updating of an exisiting user account. Script supports 6.5 and 6.7 VCSAs.
 #>
    param(
        [Parameter(Mandatory=$true)]
        [String]$Name,
        [Parameter(Mandatory=$false)]
        [String]$FullName,
        [Parameter(Mandatory=$false)]
        [ValidateSet("admin","operator","superAdmin")]
        [String]$Role,
        [Parameter(Mandatory=$false)]
        [String]$Email="",
        [Parameter(Mandatory=$false)]
        [String]$Password = $null,
        [Parameter(Mandatory=$false)]
        [switch]$PasswordExpires,
        [Parameter(Mandatory=$false)]
        [String]$PasswordExpiresAt = $null,
        [Parameter(Mandatory=$false)]
        [String]$MaxPasswordAge = 90
    )
    $userAPI = Get-VAMIServiceAPI -NameFilter "accounts"
    $UpdateSpec = $UserAPI.Help.set.config.CreateExample()
    $UpdateSpec.fullname = $FullName
    $UpdateSpec.role = $Role
    $UpdateSpec.email = $Email
    if ($UpdateSpec.psobject.properties.name -contains "username") {
        $UpdateSpec.username = $Name
        try {
            Write-Host "Updating Settings for user $Name ..."
            $UserAPI.set($UpdateSpec)
        } catch {
            Write-Error $Error[0].exception.Message
        }
    } else {
        $UpdateSpec.password = [VMware.VimAutomation.Cis.Core.Types.V1.Secret]$Password
        $UpdateSpec.password_expires = $PasswordExpires
        $UpdateSpec.password_expires_at = $PasswordExpiresAt
        $UpdateSpec.max_days_between_password_change = $MaxPasswordAge
        try {
            Write-Host "Updating Settings for user $Name ..."
            $UserAPI.update($Name, $UpdateSpec)
        } catch {
            Write-Error $Error[0].exception.Message
        }
    }
 }
@@ -679,32 +866,30 @@ Function Remove-VAMIUser {
     Organization:  VMware
     Blog:          www.virtuallyghetto.com
     Twitter:       @lamw
-	===========================================================================
+     Modifed by:    Michael Dunsdon
-	.SYNOPSIS
+     Twitter:      @MJDunsdon
-		This function to remove VAMI local user using VAMI interface (5480)
+     Date:         September 21, 2020
    ===========================================================================
    .SYNOPSIS
        This function to remove VAMI local user using VAMI interface (5480)
        for a VCSA node which can be an Embedded VCSA, External PSC or External VCSA.
-	.DESCRIPTION
+    .DESCRIPTION
-		Function to remove VAMI local user
+        Function to remove VAMI local user
-	.EXAMPLE
+    .EXAMPLE
        Connect-CisServer -Server 192.168.1.51 -User administrator@vsphere.local -Password VMware1!
        Get-VAMIAccess
    .NOTES
        Modified script to account for Newer VCSA. Script supports 6.5 and 6.7 VCSAs.
 #>
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
-        [Parameter(
+        [Parameter(Mandatory=$true)]
-            Mandatory=$true)
+        [String]$Name
        ]
        [String]$name,
        [Parameter(
            Mandatory=$false)
        ]
        [boolean]$confirm=$false
    )
-
+    Begin {}
-    if(!$confirm) {
+    Process{
-        $answer = Read-Host -Prompt "Do you want to delete user $name (Y or N)"
+        if($PSCmdlet.ShouldProcess($Name,'Delete')) {
-        if($answer -eq "Y" -or $answer -eq "y") {
+            $userAPI =  Get-VAMIServiceAPI -NameFilter "accounts"
            $userAPI = Get-CisService 'com.vmware.appliance.techpreview.localaccounts.user'
            try {
                Write-Host "Deleting user $name ..."
                $userAPI.delete($name)
@@ -713,4 +898,41 @@ Function Remove-VAMIUser {
            }
        }
    }
    End{}
 }
 Function Get-VAMIServiceAPI {
 <#
    .NOTES
    ===========================================================================
     Inspired by:    William Lam
     Organization:  VMware
     Blog:          www.virtuallyghetto.com
     Twitter:       @lamw
     Created by:    Michael Dunsdon
     Twitter:      @MJDunsdon
     Date:         September 21, 2020
    ===========================================================================
    .SYNOPSIS
        This function returns the Service Api Based on a String of Service Name.
    .DESCRIPTION
        Function to find and get service api based on service name string
    .EXAMPLE
        Connect-CisServer -Server 192.168.1.51 -User administrator@vsphere.local -Password VMware1!
        Get-VAMIUser -NameFilter "accounts"
    .NOTES
        Script supports 6.5 and 6.7 VCSAs.
        Function Gets all Service Api Names and filters the list based on NameFilter
        If Multiple Serivces are returned it takes the Top one.
 #>
    param(
        [Parameter(Mandatory=$true)]
        [String]$NameFilter
    )
    $ServiceAPI = Get-CisService | Where-Object {$_.name -like "*$($NameFilter)*"}
    if (($ServiceAPI.count -gt 1) -and $NameFilter) {
        $ServiceAPI = ($ServiceAPI | Sort-Object -Property Name)[0]
    }
    return $ServiceAPI
 }
--- a/Modules/VCHA/VCHA.psm1
+++ b/Modules/VCHA/VCHA.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Get-VCHAConfig {
 <#
    .NOTES
--- a/Modules/VCSA/VCSA.psm1
+++ b/Modules/VCSA/VCSA.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Get-VCSAPasswordPolicy {
 <#
    .DESCRIPTION Retrieves vCenter Server Appliance SSO and Local OS Password Policy Configuration
--- a/Modules/VMCPFunctions/VMCPFunctions.psm1
+++ b/Modules/VMCPFunctions/VMCPFunctions.psm1
@@ -1,4 +1,8 @@
-function Get-VMCPSettings {
+<#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Get-VMCPSettings {
 <#
 	.NOTES
 	===========================================================================
--- a/Modules/VMware.CSP/VMware.CSP.psm1
+++ b/Modules/VMware.CSP/VMware.CSP.psm1
@@ -1,4 +1,8 @@
-Function Get-CSPAccessToken {
+<#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Get-CSPAccessToken {
    <#
        .NOTES
        ===========================================================================
--- a/Modules/VMware.Community.CISTag/VMware.Community.CISTag.psd1
+++ b/Modules/VMware.Community.CISTag/VMware.Community.CISTag.psd1
@@ -1,3 +1,8 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 #
 # Module manifest for module 'VMware.Community.CISTag'
 #
--- a/Modules/VMware.Community.CISTag/VMware.Community.CISTag.psm1
+++ b/Modules/VMware.Community.CISTag/VMware.Community.CISTag.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Get-CISTag {
 <#
 .SYNOPSIS
--- a/Modules/VMware.DRaaS/VMware.DRaaS.psd1
+++ b/Modules/VMware.DRaaS/VMware.DRaaS.psd1
--- a/Modules/VMware.DRaaS/VMware.DRaaS.psm1
+++ b/Modules/VMware.DRaaS/VMware.DRaaS.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Connect-DRaas {
 <#
    .NOTES
--- a/Modules/VMware.HCX/VMware.HCX.psd1
+++ b/Modules/VMware.HCX/VMware.HCX.psd1
@@ -1,3 +1,8 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 #
 # Module manifest for module 'VMware.HCX'
 #
--- a/Modules/VMware.HCX/VMware.HCX.psm1
+++ b/Modules/VMware.HCX/VMware.HCX.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Connect-HcxServer {
 <#
    .NOTES
--- a/Modules/VMware.Hv.Helper/VMware.HV.Helper.psm1
+++ b/Modules/VMware.Hv.Helper/VMware.HV.Helper.psm1
@@ -54,6 +54,27 @@ function Get-ViewAPIService {
  return $null
 }
 function Get-HVModuleVersion {
  if (-not (Get-Module -Name "Vmware.VimAutomation.HorizonView" -ErrorAction "SilentlyContinue") ) {
    Import-Module -Name "Vmware.VimAutomation.HorizonView" -ErrorAction Stop
  }
  $hvModules = @( Get-Module -Name "Vmware.VimAutomation.HorizonView" -ErrorAction SilentlyContinue);
  return $($hvModules.version | measure -Maximum).Maximum
 }
 function Get-HVBaseImageVmList {
  param(
    [Parameter(Mandatory = $true)]
    $vcID
  )
  $BaseImage_service_helper = New-Object VMware.Hv.BaseImageVmService
  if ((Get-HVModuleVersion) -lt [version] "12.2") {
    return $BaseImage_service_helper.BaseImageVm_List($services, $vcID)
  } else {
    return $BaseImage_service_helper.BaseImageVm_List($services, $vcID, $null)
  }
 }
 function Get-HVConfirmFlag {
  Param(
    [Parameter(Mandatory = $true)]
@@ -853,6 +874,9 @@ function Get-HVEvent {
 .PARAMETER MessageFilter
   String that can applied in filtering on 'Message' column.
 .PARAMETER SqlTimeout
   Data query command timeout in seconds, default is 30 seconds.
 .EXAMPLE
   $e = Get-HVEvent -hvDbServer $hvDbServer
   $e.Events
@@ -904,7 +928,10 @@ function Get-HVEvent {
    [string]$ModuleFilter = "",
    [Parameter(Mandatory = $false)]
-    [string]$MessageFilter = ""
+    [string]$MessageFilter = "",
    [Parameter(Mandatory = $false)]
    [int]$SqlTimeout = 30
  )
  begin {
@@ -1001,7 +1028,7 @@ function Get-HVEvent {
    $command.CommandText = $query
    $adapter.SelectCommand = $command
    $DataTable = New-Object System.Data.DataTable
-    $adapter.Fill($DataTable)
+    $adapter.Fill($DataTable) | Out-Null
    $toDate = $DataTable.Rows[0][0]
    $fromDate = $toDate.AddDays(- ($timeInDays))
@@ -1034,6 +1061,7 @@ function Get-HVEvent {
    $adapter.SelectCommand = $command
    $DataTable = New-Object System.Data.DataTable
    $adapter.SelectCommand.CommandTimeout = $SqlTimeout
    $adapter.Fill($DataTable) | Out-Null
    Write-Host "Number of records found : " $DataTable.Rows.Count
@@ -2279,6 +2307,38 @@ function New-HVFarm {
    [string]
    $Url,
    #farmSpec.data.lbSettings.lbMetricsSettings.includeSessionCount
    [Parameter(Mandatory = $false)]
    [boolean]
    $includeSessionCount = $true,
    #farmSpec.data.lbSettings.lbMetricsSettings.cpuThreshold
    [ValidateRange(0, 100)]
    [Parameter(Mandatory = $false)]
    [int]
    $cpuThreshold = 0,
    #farmSpec.data.lbSettings.lbMetricsSettings.memThreshold
    [ValidateRange(0, 100)]
    [Parameter(Mandatory = $false)]
    [int]
    $memThreshold = 0,
    #farmSpec.data.lbSettings.lbMetricsSettings.diskQueueLengthThreshold
    [Parameter(Mandatory = $false)]
    [int]
    $diskQueueLengthThreshold = 0,
    #farmSpec.data.lbSettings.lbMetricsSettings.diskReadLatencyThreshold
    [Parameter(Mandatory = $false)]
    [int]
    $diskReadLatencyThreshold = 0,
    #farmSpec.data.lbSettings.lbMetricsSettings.diskWriteLatencyThreshold
    [Parameter(Mandatory = $false)]
    [int]
    $diskWriteLatencyThreshold = 0,
    #farmSpec.automatedfarmSpec.virtualCenter if LINKED_CLONE, INSTANT_CLONE
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
@@ -2783,7 +2843,7 @@ function New-HVFarm {
        $farmSpecObj.AutomatedFarmSpec.RdsServerMaxSessionsData.MaxSessionsType = $maxSessionsType
        if ($maxSessionsType -eq "LIMITED") {
-            $farmSpecObj.AutomatedFarmSpec.RdsServerMaxSessionsData.MaxSessionsType = $maxSessions
+            $farmSpecObj.AutomatedFarmSpec.RdsServerMaxSessionsData.MaxSessions = $maxSessions
        }
        $farmSpecObj.AutomatedFarmSpec.VirtualCenterProvisioningSettings.enableProvisioning = $enableProvisioning
        $farmSpecObj.AutomatedFarmSpec.VirtualCenterProvisioningSettings.stopProvisioningOnError = $stopProvisioningOnError
@@ -2820,6 +2880,19 @@ function New-HVFarm {
        }
        $logoffAfterTimeout = $farmData.Settings.logoffAfterTimeout
    }
    # Load Balancing
    if ($farmData.LbSettings) {
        If ($farmdata.LbSettings.LbMetricsSettings){
            $farmData.LbSettings.LbMetricsSettings.IncludeSessionCount = $includeSessionCount
            $farmData.LbSettings.LbMetricsSettings.CpuThreshold = $cpuThreshold
            $farmData.LbSettings.LbMetricsSettings.MemThreshold = $memThreshold
            $farmData.LbSettings.LbMetricsSettings.DiskQueueLengthThreshold = $diskQueueLengthThreshold
            $farmData.LbSettings.LbMetricsSettings.DiskReadLatencyThreshold = $diskReadLatencyThreshold
            $farmData.LbSettings.LbMetricsSettings.DiskWriteLatencyThreshold = $diskWriteLatencyThreshold
        }
    }
    if ($farmData.DisplayProtocolSettings) {
        $farmData.DisplayProtocolSettings.DefaultDisplayProtocol = $defaultDisplayProtocol
        $farmData.DisplayProtocolSettings.AllowDisplayProtocolOverride = $AllowDisplayProtocolOverride
@@ -2966,8 +3039,7 @@ function Get-HVFarmProvisioningData {
    $vmObject = $farmSpecObj.AutomatedFarmSpec.VirtualCenterProvisioningSettings.VirtualCenterProvisioningData
  }
  if ($parentVM) {
-    $BaseImage_service_helper = New-Object VMware.Hv.BaseImageVmService
+    $parentList = Get-HVBaseImageVmList -vcID $vcID
    $parentList = $BaseImage_service_helper.BaseImageVm_List($services, $vcID)
    $parentVMObj = $parentList | Where-Object { $_.name -eq $parentVM }
    if ($null -eq $parentVMObj) {
      throw "No Parent VM found with name: [$parentVM]"
@@ -3233,6 +3305,8 @@ function Get-FarmSpec {
  }
  $farm_spec_helper.getDataObject().Data.Settings = $farm_helper.getFarmSessionSettingsHelper().getDataObject()
  $farm_spec_helper.getDataObject().Data.LbSettings = $farm_helper.getRDSHLoadBalancingSettingsHelper().getDataObject()
  $farm_spec_helper.getDataObject().Data.LbSettings.LbMetricsSettings = $farm_helper.getRDSHLoadBalancingMetricsSettingsHelper().getDataObject()
  $farm_spec_helper.getDataObject().Data.DisplayProtocolSettings = $farm_helper.getFarmDisplayProtocolSettingsHelper().getDataObject()
  $farm_spec_helper.getDataObject().Data.MirageConfigurationOverrides = $farm_helper.getFarmMirageConfigurationOverridesHelper( ).getDataObject()
  return $farm_spec_helper.getDataObject()
@@ -3728,23 +3802,29 @@ function New-HVPool {
    $ConnectionServerRestrictions,
    #desktopSpec.desktopSettings.logoffSettings.powerPolicy
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
    [ValidateSet('TAKE_NO_POWER_ACTION', 'ALWAYS_POWERED_ON', 'SUSPEND', 'POWER_OFF')]
    [string]$PowerPolicy = 'TAKE_NO_POWER_ACTION',
-    #desktopSpec.desktopSettings.logoffSettings.powerPolicy
+    #desktopSpec.desktopSettings.logoffSettings.automaticLogoffPolicy
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
    [ValidateSet('IMMEDIATELY', 'NEVER', 'AFTER')]
    [string]$AutomaticLogoffPolicy = 'NEVER',
    #desktopSpec.desktopSettings.logoffSettings.automaticLogoffMinutes
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [ValidateRange(1,[int]::MaxValue)]
    [int]$AutomaticLogoffMinutes = 120,
    #desktopSpec.desktopSettings.logoffSettings.allowUsersToResetMachines
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
@@ -3753,6 +3833,7 @@ function New-HVPool {
    #desktopSpec.desktopSettings.logoffSettings.allowMultipleSessionsPerUser
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
    [boolean]$allowMultipleSessionsPerUser = $false,
    #desktopSpec.desktopSettings.logoffSettings.deleteOrRefreshMachineAfterLogoff
@@ -3776,7 +3857,11 @@ function New-HVPool {
    [int]$refreshThresholdPercentageForReplicaOsDisk,
    #DesktopDisplayProtocolSettings
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
    [boolean]$enableCollaboration = $true,
    #desktopSpec.desktopSettings.logoffSettings.supportedDisplayProtocols
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
@@ -3784,6 +3869,7 @@ function New-HVPool {
    [string[]]$supportedDisplayProtocols = @('RDP', 'PCOIP', 'BLAST'),
    #desktopSpec.desktopSettings.logoffSettings.defaultDisplayProtocol
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'LINKED_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
@@ -3791,12 +3877,14 @@ function New-HVPool {
    [string]$defaultDisplayProtocol = 'PCOIP',
    #desktopSpec.desktopSettings.logoffSettings.allowUsersToChooseProtocol
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
    [int]$allowUsersToChooseProtocol = $true,
    #desktopSpec.desktopSettings.logoffSettings.enableHTMLAccess
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
@@ -3806,11 +3894,13 @@ function New-HVPool {
    #desktopSpec.desktopSettings.logoffSettings.pcoipDisplaySettings.renderer3D
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
    [ValidateSet('MANAGE_BY_VSPHERE_CLIENT', 'AUTOMATIC', 'SOFTWARE', 'HARDWARE', 'DISABLED')]
    [string]$renderer3D = 'DISABLED',
    #desktopSpec.desktopSettings.logoffSettings.pcoipDisplaySettings.enableGRIDvGPUs
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [Parameter(Mandatory = $false,ParameterSetName = 'MANUAL')]
    [boolean]$enableGRIDvGPUs = $false,
    #desktopSpec.desktopSettings.logoffSettings.pcoipDisplaySettings.vRamSizeMB
@@ -3819,11 +3909,13 @@ function New-HVPool {
    [int]$vRamSizeMB = 96,
    #desktopSpec.desktopSettings.logoffSettings.pcoipDisplaySettings.maxNumberOfMonitors
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [ValidateRange(1,4)]
    [int]$maxNumberOfMonitors = 2,
    #desktopSpec.desktopSettings.logoffSettings.pcoipDisplaySettings.maxResolutionOfAnyOneMonitor
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = "LINKED_CLONE")]
    [ValidateSet('WUXGA', 'WSXGA_PLUS', 'WQXGA', 'UHD')]
    [string]$maxResolutionOfAnyOneMonitor = 'WUXGA',
@@ -4160,7 +4252,8 @@ function New-HVPool {
    [string]
    $CustType,
-    #desktopSpec.automatedDesktopSpec.customizationSettings.reusePreExistingAccounts if LINKED_CLONE, INSTANT_CLONE
+    #desktopSpec.automatedDesktopSpec.customizationSettings.reusePreExistingAccounts if LINKED_CLONE, INSTANT_CLONE, FULL_CLONE
    [Parameter(Mandatory = $false,ParameterSetName = 'FULL_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'INSTANT_CLONE')]
    [Parameter(Mandatory = $false,ParameterSetName = 'LINKED_CLONE')]
    [Boolean]
@@ -4370,6 +4463,7 @@ function New-HVPool {
          $maximumCount = $jsonObject.AutomatedDesktopSpec.VmNamingSpec.patternNamingSettings.maxNumberOfMachines
          $spareCount = $jsonObject.AutomatedDesktopSpec.VmNamingSpec.patternNamingSettings.numberOfSpareMachines
          $provisioningTime = $jsonObject.AutomatedDesktopSpec.VmNamingSpec.patternNamingSettings.provisioningTime
          if ($provisioningTime -eq 'ON_DEMAND') { $MinimumCount = $jsonObject.AutomatedDesktopSpec.VmNamingSpec.patternNamingSettings.MinNumberOfMachines }
        } else {
          $specificNames = $jsonObject.AutomatedDesktopSpec.VmNamingSpec.specifiedNames
          $startInMaintenanceMode = $jsonObject.AutomatedDesktopSpec.VmNamingSpec.SpecificNamingSpec.startMachinesInMaintenanceMode
@@ -4470,6 +4564,9 @@ function New-HVPool {
      } elseIf ($jsonObject.type -eq "MANUAL") {
        $MANUAL = $true
        $poolType = 'MANUAL'
 	if ($null -ne $jsonObject.ManualDesktopSpec.VirtualCenter) {
          $vCenter = $jsonObject.ManualDesktopSpec.VirtualCenter
        }
        $userAssignment = $jsonObject.ManualDesktopSpec.userAssignment.userAssignment
        $automaticAssignment = $jsonObject.ManualDesktopSpec.userAssignment.AutomaticAssignment
        $source = $jsonObject.ManualDesktopSpec.source
@@ -4532,6 +4629,7 @@ function New-HVPool {
                $maxResolutionOfAnyOneMonitor = $jsonObject.DesktopSettings.displayProtocolSettings.pcoipDisplaySettings.maxResolutionOfAnyOneMonitor
              }
              $enableHTMLAccess = $jsonObject.DesktopSettings.displayProtocolSettings.enableHTMLAccess
 	      $enableCollaboration = $jsonObject.DesktopSettings.displayProtocolSettings.EnableCollaboration
            }
            if ($null -ne $jsonObject.DesktopSettings.mirageConfigurationOverrides) {
@@ -4757,8 +4855,6 @@ function New-HVPool {
        try {
          $desktopVirtualCenterProvisioningData = Get-HVPoolProvisioningData -vc $virtualCenterID -vmObject $desktopVirtualCenterProvisioningData
          $hostClusterId = $desktopVirtualCenterProvisioningData.HostOrCluster
          $hostOrCluster_helper = New-Object VMware.Hv.HostOrClusterService
          $hostClusterIds = (($hostOrCluster_helper.HostOrCluster_GetHostOrClusterTree($services, $desktopVirtualCenterProvisioningData.datacenter)).treeContainer.children.info).Id
          $desktopVirtualCenterStorageSettings = Get-HVPoolStorageObject -hostClusterIds $hostClusterId -storageObject $desktopVirtualCenterStorageSettings
          $DesktopVirtualCenterNetworkingSettings = Get-HVPoolNetworkSetting -networkObject $DesktopVirtualCenterNetworkingSettings
          $desktopCustomizationSettings = Get-HVPoolCustomizationSetting -vc $virtualCenterID -customObject $desktopCustomizationSettings
@@ -4842,6 +4938,7 @@ function New-HVPool {
            $desktopDisplayProtocolSettings.getDataObject().SupportedDisplayProtocols = $supportedDisplayProtocols
            $desktopDisplayProtocolSettings.setDefaultDisplayProtocol($defaultDisplayProtocol)
            $desktopDisplayProtocolSettings.setEnableHTMLAccess($enableHTMLAccess)
 	    $desktopDisplayProtocolSettings.setEnableCollaboration($enableCollaboration)
            $desktopDisplayProtocolSettings.setAllowUsersToChooseProtocol($allowUsersToChooseProtocol)
            $desktopPCoIPDisplaySettings = $desktopSettingsService.getDesktopPCoIPDisplaySettingsHelper()
@@ -4955,8 +5052,7 @@ function Get-HVResourceStructure {
    foreach ($vc in $vcList) {
      Write-Host vCenter $vc.ServerSpec.ServerName
      $datacenterList = @{}
-      $BaseImage_service_helper = New-Object VMware.Hv.BaseImageVmService
+      $parentList = Get-HVBaseImageVmList -vcID $vc.id
      $parentList = $BaseImage_service_helper.BaseImageVm_List($services, $vc.id)
      foreach ($possibleParent in $parentList) {
 	if (-not $datacenterList.ContainsKey($possibleParent.datacenter.id)) {
 	  $datacenterList.Add($possibleParent.datacenter.id, $possibleParent.datacenter)
@@ -5026,7 +5122,7 @@ function Get-HVPoolProvisioningData {
    $vmObject.Template = $templateVM.id
    $dataCenterID = $templateVM.datacenter
    if ($dataCenter -and $dataCenterID) {
-        $VmTemplateInfo = $vm_template_helper.VmTemplate_ListByDatacenter($dataCenterID)
+        $VmTemplateInfo = $vm_template_helper.VmTemplate_ListByDatacenter($services,$dataCenterID)
        if (! ($VmTemplateInfo.Path -like "/$dataCenter/*")) {
            throw "$template not exists in datacenter: [$dataCenter]"
        }
@@ -5034,8 +5130,7 @@ function Get-HVPoolProvisioningData {
    $vmObject.datacenter = $dataCenterID
  }
  if ($parentVM) {
-    $base_imageVm_helper = New-Object VMware.Hv.BaseImageVmService
+    $parentList = Get-HVBaseImageVmList -vcID $vcID
    $parentList = $base_imageVm_helper.BaseImageVm_List($services,$vcID)
    $parentVmObj = $parentList | Where-Object { $_.name -eq $parentVM }
    if ($null -eq $parentVMObj) {
      throw "No parent VM found with Name: [$parentVM]"
@@ -5049,7 +5144,7 @@ function Get-HVPoolProvisioningData {
    $snapshotList = $baseImageSnapshot_helper.BaseImageSnapshot_List($services,$parentVmObj.id)
    $snapshotVmObj = $snapshotList | Where-Object { $_.name -eq $snapshotVM }
    if ($null -eq $snapshotVmObj) {
-      throw "No sanpshot found with Name: [$snapshotVM]"
+      throw "No snapshot found with Name: [$snapshotVM]"
    }
    $vmObject.Snapshot = $snapshotVmObj.id
  }
@@ -5445,6 +5540,7 @@ function Get-HVPoolCustomizationSetting {
        $desktopSpecObj.AutomatedDesktopSpec.CustomizationSettings.DomainAdministrator = $ViewComposerDomainAdministratorID
        $desktopSpecObj.AutomatedDesktopSpec.CustomizationSettings.ReusePreExistingAccounts = $reusePreExistingAccounts
      } elseIf ($FullClone) {
        $desktopSpecObj.AutomatedDesktopSpec.CustomizationSettings.ReusePreExistingAccounts = $reusePreExistingAccounts
        if ($custType -eq 'SYS_PREP') {
          $desktopSpecObj.AutomatedDesktopSpec.CustomizationSettings.CustomizationType = 'SYS_PREP'
          $desktopSpecObj.AutomatedDesktopSpec.CustomizationSettings.SysprepCustomizationSettings = Get-CustomizationObject
@@ -6054,9 +6150,9 @@ function Set-HVFarm {
    }
    $updates = @()
-    if ($key -and $value) {
+    if ($PSBoundParameters.ContainsKey("key") -and $PSBoundParameters.ContainsKey("value")) {
      $updates += Get-MapEntry -key $key -value $value
-    } elseif ($key -or $value) {
+    } elseif ($PSBoundParameters.ContainsKey("key") -or $PSBoundParameters.ContainsKey("value")) {
      Write-Error "Both key:[$key] and value:[$value] need to be specified"
    }
    if ($spec) {
@@ -6747,8 +6843,7 @@ function Set-HVFarmSpec {
    $Spec
  )
  if ($parentVM) {
-    $baseImage_service_helper = New-Object VMware.Hv.BaseImageVmService
+    $parentList = Get-HVBaseImageVmList -vcID $vcID
    $parentList = $baseImage_service_helper.BaseImageVm_List($services, $vcID)
    $parentVMObj = $parentList | Where-Object { $_.name -eq $parentVM }
    if ($null -eq $parentVMObj) {
      throw "No Parent VM found with name: [$parentVM]"
@@ -6933,6 +7028,7 @@ function Start-HVPool {
    $poolList = @{}
    $poolType = @{}
    $poolSource = @{}
    $poolProvisioningSpecs = @{}
    if ($pool) {
      foreach ($item in $pool) {
        if ($item.GetType().name -eq 'DesktopInfo') {
@@ -6961,6 +7057,19 @@ function Start-HVPool {
            Write-Error "No desktopsummarydata found with pool name: [$item]"
            break
          }
          try {
            $poolSettingsObj = Get-HVPool -poolName $item -suppressInfo $true -hvServer $hvServer
          } catch {
            Write-Error "Make sure Get-HVPool advanced function is loaded, $_"
            break
          }
          if ($poolSettingsObj) {
            $poolProvisioningSettings = $poolSettingsObj.AutomatedDesktopData.VirtualCenterProvisioningSettings
            Write-Verbose "retrieved Pool Settings: $($poolProvisioningSettings | Out-String)"
          } else {
            Write-Error "No pool information found with pool name: [$item]"
            break
          }
        } else {
          Write-Error "In pipeline did not get object of expected type DesktopSummaryView/DesktopInfo"
          break
@@ -6968,6 +7077,7 @@ function Start-HVPool {
        $poolList.Add($id,$name)
        $poolType.Add($id,$type)
        $poolSource.Add($id,$source)
        $poolProvisioningSpecs.Add($id,$poolProvisioningSettings)
      }
    }
  }
@@ -7011,7 +7121,7 @@ function Start-HVPool {
            $updates = @()
            $updates += Get-MapEntry -key 'automatedDesktopData.virtualCenterProvisioningSettings.virtualCenterProvisioningData.parentVm' -value $spec.ParentVM
            $updates += Get-MapEntry -key 'automatedDesktopData.virtualCenterProvisioningSettings.virtualCenterProvisioningData.snapshot' -value $spec.Snapshot
-            if ($startTime) { $spec.Settings.startTime = $startTime }
+            if ($startTime) { $spec.startTime = $startTime }
 	    if (!$confirmFlag -OR  $pscmdlet.ShouldProcess($poolList.$item)) {
              $desktop_helper.Desktop_Update($services,$item,$updates)
            }
@@ -7029,6 +7139,11 @@ function Start-HVPool {
            $spec.Settings = New-Object VMware.Hv.DesktopPushImageSettings
            $spec.Settings.LogoffSetting = $logoffSetting
            $spec.Settings.StopOnFirstError = $stopOnFirstError
            $spec.Settings.AddVirtualTPM = ($poolProvisioningSpecs.$item).AddVirtualTPM
            If (($poolProvisioningSpecs.$item).AddVirtualTPM) {
            Write-Verbose -Message "Restoring previous vTPM state"
            }
            Write-Debug -Message "fetched pool provisioning specs: $(($poolProvisioningSpecs.$item) | Out-String)"
            if ($startTime) { $spec.Settings.startTime = $startTime }
            if (!$confirmFlag -OR  $pscmdlet.ShouldProcess($poolList.$item)) {
              $desktop_helper.Desktop_SchedulePushImage($services,$item,$spec)
@@ -7181,7 +7296,11 @@ function Get-HVBaseImageVM {
  process {
-    $BaseImageVMList = $services.BaseImageVM.BaseImageVM_List($VirtualCenterId)
+    if ((Get-HVModuleVersion) -lt [version] "12.2") {
        $BaseImageVMList = $services.BaseImageVM.BaseImageVM_List($VirtualCenter)
    } else {
        $BaseImageVMList = $services.BaseImageVM.BaseImageVM_List($VirtualCenter, $null)
    }
    #For all conditions, see https://vdc-download.vmware.com/vmwb-repository/dcr-public/3721109b-48a5-4ffb-a0ad-6d6a44f2f288/ff45dfca-1050-4265-93ef-4e7d702322e4/vdi.utils.virtualcenter.BaseImageVm.BaseImageVmIncompatibleReasons.html
@@ -7197,7 +7316,8 @@ function Get-HVBaseImageVM {
            ($_.IncompatibleReasons.ViewComposerReplica -eq $false) -and
            ($_.IncompatibleReasons.UnsupportedOS -eq $false) -and
            ($_.IncompatibleReasons.NoSnapshots -eq $false) -and
-            (($null -eq $_.IncompatibleReasons.InstantInternal) -or ($_.IncompatibleReasons.InstantInternal -eq $false))
+            (($null -eq $_.IncompatibleReasons.InstantInternal) -or ($_.IncompatibleReasons.InstantInternal -eq $false)) -and
            $(if ((Get-HVModuleVersion) -gt [version] "12.2") {($_.IncompatibleReasons.inUseByInstantCloneDesktop -eq $false)})
          }
        }
        'RDS' {
@@ -7207,7 +7327,8 @@ function Get-HVBaseImageVM {
            ($_.IncompatibleReasons.ViewComposerReplica -eq $false) -and
            ($_.IncompatibleReasons.UnsupportedOSForLinkedCloneFarm -eq $false) -and
            ($_.IncompatibleReasons.NoSnapshots -eq $false) -and
-            (($null -eq $_.IncompatibleReasons.InstantInternal) -or ($_.IncompatibleReasons.InstantInternal -eq $false))
+            (($null -eq $_.IncompatibleReasons.InstantInternal) -or ($_.IncompatibleReasons.InstantInternal -eq $false)) -and
            $(if ((Get-HVModuleVersion) -gt [version] "12.2") {($_.IncompatibleReasons.inUseByInstantCloneDesktop -eq $false)})
          }
        }
        'ALL' {
@@ -7324,8 +7445,7 @@ function Set-HVPoolSpec {
    $Spec
  )
  if ($parentVM) {
-    $baseimage_helper = New-Object VMware.Hv.BaseImageVmService
+    $parentList = Get-HVBaseImageVmList -vcID $vcID
    $parentList = $baseimage_helper.BaseImageVm_List($services,$vcID)
    $parentVMObj = $parentList | Where-Object { $_.name -eq $parentVM }
    $spec.ParentVm = $parentVMObj.id
  }
@@ -8022,7 +8142,11 @@ function Get-HVInternalName {
         return $Info.Base.Username
       }
       'BaseImageVm' {
-         $info = $services.BaseImageVm.BaseImageVm_List($VcId) | Where-Object { $_.id.id -eq  $EntityId.id }
+         if ((Get-HVModuleVersion) -lt [version] "12.2") {
           $info = $services.BaseImageVm.BaseImageVm_List($VcId) | Where-Object { $_.id.id -eq  $EntityId.id }
 	 } else {
           $info = $services.BaseImageVm.BaseImageVm_List($VcId, $null) | Where-Object { $_.id.id -eq  $EntityId.id }
 	 }
         return $info.name
       }
       'BaseImageSnapshot' {
@@ -10190,7 +10314,7 @@ function Set-HVGlobalSettings {
  process {
    $updates = @()
-    if ($key -and $value) {
+    if ( $PSBoundParameters.ContainsKey('Key') -and $PSBoundParameters.ContainsKey('Value') ) {
      $updates += Get-MapEntry -key $key -value $value
    } elseif ($key -or $value) {
      Write-Error "Both key:[$key] and value:[$value] needs to be specified"
@@ -10343,6 +10467,82 @@ The Get-HVLocalSession gets all local session by using view API service object(h
  [System.gc]::collect()
 }
 function Restart-HVMachine {
  <#
 .Synopsis
    Restart Horizon View desktops.
 .DESCRIPTION
    Queries and restart virtual machines.
      Graceful OS restart for Full-clone pool.
      Graceful OS shut down > Delete VM > Create new VM > Power On for Instant-clone pool.
      The machines list would be determined based on queryable fields machineName. Use an asterisk (*) as wildcard.
      If the result has multiple machines all will be reset.
 .PARAMETER MachineName
    The name of the Machine(s) to query for.
      This is a required value.
 .PARAMETER HvServer
  Reference to Horizon View Server to query the virtual machines from. If the value is not passed or null then
  first element from global:DefaultHVServers would be considered in-place of hvServer
 .EXAMPLE
    Restart-HVMachine -MachineName 'PowerCLIVM'
    Queries VM(s) with given parameter machineName
 .EXAMPLE
    Restart-HVMachine -MachineName 'PowerCLIVM*'
    Queries VM(s) with given parameter machinename with wildcard character *
 .NOTES
  Author                      : Goncharenko Roman
  Author email                : romqatt@gmail.com
  Version                     : 1.0
  ===Tested Against Environment====
  Horizon View Server Version : 7.3.2
  PowerCLI Version            : PowerCLI 12.4
  PowerShell Version          : 5.1
 #>
  [CmdletBinding(
      SupportsShouldProcess = $true,
      ConfirmImpact = 'High'
  )]
  param(
      [Parameter(Mandatory = $true)]
      [string]
      $MachineName,
      [Parameter(Mandatory = $false)]
      $HvServer
  )
  Begin {
      $services = Get-ViewAPIService -hvServer $hvServer
      if ($null -eq $services) {
          Write-Error "Could not retrieve ViewApi services from connection object"
          break
      }
      $machineList = Find-HVMachine -Param $PSBoundParameters
      if (-not $machineList) {
          Write-Host "Restart-HVMachine: No Virtual Machine(s) Found with given search parameters"
          break
      }
  }
  Process {
      if ($Force -or $PSCmdlet.ShouldProcess($MachineName)) {
          foreach ($machine in $machinelist) {
              $services.machine.Machine_RestartMachines($machine.id)
          }
      }
  }
  End {
      [System.gc]::collect()
  }
 }
 function Reset-HVMachine {
 	<#
 	.Synopsis
@@ -10423,6 +10623,78 @@ function Reset-HVMachine {
    [System.gc]::collect()
  }
 }
 function Rebuild-HVMachine {
 	<#
 	.Synopsis
 	   Rebuilds Horizon View desktops.
 	.DESCRIPTION
 	   Queries and rebuilds virtual machines (create new cloned VM with same name from same template and applies same customization specification), the machines list would be determined
     based on queryable fields machineName. Use an asterisk (*) as wildcard. If the result has multiple machines all will be reset.
 	.PARAMETER MachineName
 	   The name of the Machine(s) to query for.
 	   This is a required value.
 	.PARAMETER HvServer
 		Reference to Horizon View Server to query the virtual machines from. If the value is not passed or null then
 		first element from global:DefaultHVServers would be considered in-place of hvServer
 	.EXAMPLE
 	   rebuild-HVMachine -MachineName 'PowerCLIVM'
 	   Queries VM(s) with given parameter machineName
 	.EXAMPLE
 	   rebuild-HVMachine -MachineName 'PowerCLIVM*'
 	   Queries VM(s) with given parameter machinename with wildcard character *
 	.NOTES
 		Author                      : Mayank Goyal
 		Author email                : mayankgoyalmax@gmail.com
 		Version                     : 1.0
 		===Tested Against Environment====
 		Horizon View Server Version : 7.3.0
 		PowerCLI Version            : PowerCLI 6.5, PowerCLI 6.5.1
 		PowerShell Version          : 5.0
 	#>
  [CmdletBinding(
  SupportsShouldProcess = $true,
  ConfirmImpact = 'High'
  )]
  param(
  [Parameter(Mandatory = $true)]
  [string]
  $MachineName,
  [Parameter(Mandatory = $false)]
  $HvServer = $null
  )
  Begin {
    $services = Get-ViewAPIService -hvServer $hvServer
    if ($null -eq $services) {
      Write-Error "Could not retrieve ViewApi services from connection object"
      break
    }
    $machineList = Find-HVMachine -Param $PSBoundParameters
    if (!$machineList) {
      Write-Host "Rebuild-HVMachine: No Virtual Machine(s) Found with given search parameters"
      break
    }
  }
  Process {
    if ($Force -or $PSCmdlet.ShouldProcess($MachineName)) {
      foreach ($machine in $machinelist){
        $services.machine.Machine_RebuildMachines($machine.id)
      }
    }
  }
  End {
    [System.gc]::collect()
  }
 }
 function Remove-HVMachine {
 	<#
 	.Synopsis
@@ -12209,7 +12481,7 @@ Function New-HVManualApplication {
 .NOTES
    Author                      : Samiullasha S
    Author email                : ssami@vmware.com
-    Version                     : 1.0
+    Version                     : 1.0.1
    ===Tested Against Environment====
    Horizon View Server Version : 7.8.0
@@ -12262,7 +12534,7 @@ Function New-HVManualApplication {
    [String]$MultiSessionMode = 'DISABLED',
    [Parameter(Mandatory = $False, ValueFromPipeline = $True)]
-    [ValidateScript({if(($MultiSessionMode -eq 'ENABLED_DEFAULT_OFF') -or ($MultiSessionMode -eq 'ENABLED_DEFAULT_ON') -or ($MultiSessionMode -eq 'ENABLED_ENFORCED')){$_ -eq 1}})]
+    [ValidateScript({if(($MultiSessionMode -eq 'ENABLED_DEFAULT_OFF') -or ($MultiSessionMode -eq 'ENABLED_DEFAULT_ON') -or ($MultiSessionMode -eq 'ENABLED_ENFORCED')){$_ -gt 0}})]
    [Int]$MaxMultiSessions,
    #Below parameters are for ExecutionData, moved ExecutablePath, Version and Publisher to above from this.
@@ -12309,7 +12581,7 @@ Function New-HVManualApplication {
        Write-Host "Application already exists with the name : $Name"
        return
    }
-    $AppData = New-Object VMware.Hv.ApplicationData -Property @{ 'name' = $Name; 'displayName' = $DisplayName; 'description' = $Description; 'enabled' = $Enabled; 'enableAntiAffinityRules' = $EnableAntiAffinityRules; 'antiAffinityPatterns' = $AntiAffinityPatterns; 'antiAffinityCount' = $AntiAffinityCount; 'enablePreLaunch' = $EnablePreLaunch; 'connectionServerRestrictions' = $ConnectionServerRestrictions; 'categoryFolderName' = $CategoryFolderName; 'clientRestrictions' = $ClientRestrictions; 'shortcutLocations' = $ShortcutLocations; 'globalApplicationEntitlement' = $GlobalApplicationEntitlementId }
+    $AppData = New-Object VMware.Hv.ApplicationData -Property @{ 'name' = $Name; 'displayName' = $DisplayName; 'description' = $Description; 'enabled' = $Enabled; 'enableAntiAffinityRules' = $EnableAntiAffinityRules; 'antiAffinityPatterns' = $AntiAffinityPatterns; 'antiAffinityCount' = $AntiAffinityCount; 'enablePreLaunch' = $EnablePreLaunch; 'connectionServerRestrictions' = $ConnectionServerRestrictions; 'categoryFolderName' = $CategoryFolderName; 'clientRestrictions' = $ClientRestrictions; 'shortcutLocations' = $ShortcutLocations; 'globalApplicationEntitlement' = $GlobalApplicationEntitlementId; 'multiSessionMode' = $MultiSessionMode; 'maxMultiSessions' = $MaxMultiSessions }
    $ExecutionData = New-Object VMware.Hv.ApplicationExecutionData -Property @{ 'executablePath' = $ExecutablePath; 'version' = $Version; 'publisher' = $Publisher; 'startFolder' = $StartFolder; 'args' = $Args; 'farm' = $FarmInfo.id; 'autoUpdateFileTypes' = $AutoUpdateFileTypes; 'autoUpdateOtherFileTypes' = $AutoUpdateOtherFileTypes}
    $AppSpec = New-Object VMware.Hv.ApplicationSpec -Property @{ 'data' = $AppData; 'executionData' = $ExecutionData}
    $AppService = New-Object VMware.Hv.ApplicationService
@@ -12785,6 +13057,199 @@ param (
  }
 }
 Function Get-HVNetworkLabels {
 <#
 .Synopsis
    Returns all network labels on the given host or cluster that may be suitable for configuration with a desktop's network interface card.
 .DESCRIPTION
    Returns all network labels on the given host or cluster that may be suitable for configuration with a desktop's network interface card. This includes both standard and distributed virtual switch network label types.
 .PARAMETER HostOrClusterID
    The cluster id.
 .EXAMPLE
    Get-HVNetworkLabels -HostOrClusterId $farmSpecObj.AutomatedFarmSpec.VirtualCenterProvisioningSettings.VirtualCenterProvisioningData.hostOrCluster
    Get-HVNetworkLabels -HostOrClusterId $farmSpecObj.AutomatedFarmSpec.VirtualCenterProvisioningSettings.VirtualCenterProvisioningData.hostOrCluster | Where-Object {$_.Name -eq $NetworkLabelName}
    (Get-HVNetworkLabels -HostOrClusterId $farmSpecObj.AutomatedFarmSpec.VirtualCenterProvisioningSettings.VirtualCenterProvisioningData.hostOrCluster | Where-Object {$_.Name -eq $NetworkLabelName}).ID
 .OUTPUTS
    An array of NetworkLabelInfos.
 .NOTES
    Author                      : Rico Roodenburg
    Author email                : r.roodenburg@outlook.com
    Version                     : 1.0
    ===Tested Against Environment====
    Horizon View Server Version : 2012 (8.1)
    PowerCLI Version            : PowerCLI 12.0
    PowerShell Version          : 5.1
 #>
    param (
        [Parameter(Mandatory = $True) ]
        [VMware.Hv.HostOrClusterId]$HostOrClusterID
    )
    Begin {
        $services = Get-ViewAPIService -HvServer $HvServer
        if ($null -eq $services) {
            Write-Error "Could not retrieve View API services from connection object"
            break
        }
    }
    Process {
        $NetworkLabelSpec = new-object vmware.hv.NetworkLabelSpec
        $NetworkLabelSpec.HostOrClusterId = $HostOrClusterID
        $NetworkLabelService = New-Object VMware.Hv.NetworkLabelService
        $NetworkLabels = $NetworkLabelService.NetworkLabel_ListByNetworkLabelSpec($Services,$NetworkLabelSpec)
        $Result = $Networklabels | Foreach {
            [pscustomobject]@{'Id'=$_.Id;'Name'=$_.Data.Name;'SwitchType'=$_.Data.SwitchType;'LabelType'=$_.Data.LabelType;'MaxNumOfPort'=$_.Data.MaxNumOfPort;'AvailablePorts'=$_.Data.AvailablePorts;'NotConfiguredOnAllHosts'=$_.Data.IncompatibleReasons.NotConfiguredOnAllHosts;'DvsUplinkPort'=$_.Data.IncompatibleReasons.DvsUplinkPort;'VmcNetworks'=$_.Data.IncompatibleReasons.VmcNetworks}
        }
        Return $Result
    }
 }
 function Get-HVSyslog {
 <#
  .SYNOPSIS
    This function is used to get the current syslog server settings
  .DESCRIPTION
    Queries HVServer for the current syslog settings
  .PARAMETER HvServer
    Reference to Horizon View Server to query. If the value is not passed or null then
    first element from global:DefaultHVServers would be considered inplace of hvServer
  .EXAMPLE
    Get-HVSyslog
    Returns both file and UDP syslog settings
  .EXAMPLE
    Get-HVSyslog | Select -ExpandProperty udpData
    Displays the udpData settings
  .OUTPUTS
    Returns object of type VMware.Hv.SyslogInfo which contains objects for both file and UDP Syslog settgs
 .NOTES
    Author : Mark Elvers <mark.elvers@tunbury.org>
 #>
  [CmdletBinding()]
  param(
    [Parameter(Mandatory = $false)]
    $HvServer = $null
  )
  begin {
    $services = Get-ViewAPIService -hvServer $hvServer
    if ($null -eq $services) {
      Write-Error "Could not retrieve ViewApi services from connection object"
      break
    }
  }
  process {
    $syslog_helper = New-Object VMware.Hv.SyslogService
    $syslog_helper.Syslog_Get($services)
  }
  end {
    [System.gc]::collect()
  }
 }
 function Set-HVSyslog {
 <#
  .SYNOPSIS
    This function is used to set the syslog servers
  .DESCRIPTION
    Set-HVSyslog sets the syslog servers used by Horizon and enables/disables logging.
  .PARAMETER servers
    Array of servers to be used in the format <ip>:<port>
  .PARAMETER enabled
    Switch paramter to enabled or disable syslog data.  Defaults to enabled.
  .EXAMPLE
    Set-HVSyslog -servers "1.2.3.4:514"
    Set the default HV server to use syslog server 1.2.3.4 on port 514 and turn on logging.
  .EXAMPLE
    Set-HVSyslog -servers "1.2.3.4:514", "5.6.7.8:514" -enabled:$true -hvserver vcs
    Set the syslog servers to 1.2.3.4:514 and 5.6.7.8:514 on Horizon View server vcs and specifically enables logging.
  .EXAMPLE
    Set-HVSyslog -enabled:$false -hvserver vcs
    Disables syslog logging on server vcs without changing the currently defined syslog servers.
    Note you can not see whether it's enabled or diabled in the GUI.  Use Get-HVSyslog instead.
  .EXAMPLE
    Set-HVSyslog -enabled -hvserver vcs
    Enables syslog logging on server vcs without changing the currently defined syslog servers.
  .OUTPUTS
    None
  .NOTES
    Author : Mark Elvers <mark.elvers@tunbury.org>
 #>
  [CmdletBinding()]
  param(
    [Parameter(Mandatory = $false)]
    [string[]]
    $servers = @(),
    [Parameter(Mandatory = $false)]
    [switch]$enabled = $true,
    [Parameter(Mandatory = $false)]
    $HvServer = $null
  )
  begin {
    $services = Get-ViewAPIService -hvServer $hvServer
    if ($null -eq $services) {
      Write-Error "Could not retrieve ViewApi services from connection object"
      break
    }
  }
  process {
    $syslog_helper = New-Object VMware.Hv.SyslogService
    $updates = @()
    $updates += Get-MapEntry -key 'udpData.enabled' -value ([bool]$enabled)
    if ($servers.count) {
      $updates += Get-MapEntry -key 'udpData.networkAddresses' -value $servers
    }
    $syslog_helper.Syslog_Update($services, $updates)
  }
  end {
    [System.gc]::collect()
  }
 }
 # Object related
 Export-ModuleMember -Function Get-HVMachine, Get-HVMachineSummary, Get-HVQueryResult, Get-HVQueryFilter, Get-HVInternalName
 # RDS Farm related
@@ -12795,7 +13260,7 @@ Export-ModuleMember -Function Get-HVPoolSummary, New-HVPool, Remove-HVPool, Get-
 Export-ModuleMember -Function Get-HVApplication, Remove-HVApplication, New-HVManualApplication, Get-HVPreInstalledApplication, New-HVPreInstalledApplication, Set-HVApplication
 # Entitlement related
 Export-ModuleMember -Function New-HVEntitlement,Get-HVEntitlement,Remove-HVEntitlement
-Export-ModuleMember -Function Set-HVMachine, Reset-HVMachine, Remove-HVMachine
+Export-ModuleMember -Function Set-HVMachine, Reset-HVMachine, Restart-HVMachine, Rebuild-HVMachine, Remove-HVMachine
 # Cloud Pod Architecture related
 Export-ModuleMember -Function New-HVGlobalEntitlement, Remove-HVGlobalEntitlement, Get-HVGlobalEntitlement, Set-HVGlobalEntitlement, New-HVPodFederation, Remove-HVPodFederation, Get-HVPodFederation, Set-HVPodFederation
 Export-ModuleMember -Function Get-HVSite, New-HVSite, New-HVHomeSite, Remove-HVSite, Get-HVHomeSite, Set-HVSite, Register-HVPod, Unregister-HVPod
@@ -12807,4 +13272,4 @@ Export-ModuleMember -Function Get-HVEventDatabase, Set-HVEventDatabase, Clear-HV
 # vCenter Server related
 Export-ModuleMember -Function Get-HVvCenterServer, Get-HVvCenterServerHealth
 # Misc/other related
-Export-ModuleMember -Function Get-HVlicense, Set-HVlicense, Get-HVHealth, Set-HVInstantCloneMaintenance, Get-HVBaseImageVM, Get-HVBaseImageVMSnapshot
+Export-ModuleMember -Function Get-HVlicense, Set-HVlicense, Get-HVHealth, Set-HVInstantCloneMaintenance, Get-HVBaseImageVM, Get-HVBaseImageVMSnapshot, Set-HVSyslog, Get-HVSyslog
--- a/Modules/VMware.Skyline.InsightsApi/VMware.Skyline.InsightsApi.Format.ps1xml
+++ b/Modules/VMware.Skyline.InsightsApi/VMware.Skyline.InsightsApi.Format.ps1xml
@@ -0,0 +1,41 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <Configuration>
    <ViewDefinitions>
        <View>
            <Name>SkylineConnection</Name>
            <ViewSelectedBy>
                <TypeName>SkylineConnection</TypeName>
            </ViewSelectedBy>
            <TableControl>
                <TableHeaders>
                    <TableColumnHeader>
                        <Width>30</Width>
                        <Label>Name</Label>
                    </TableColumnHeader>
                    <TableColumnHeader>
                        <Width>30</Width>
                        <Label>APIKey</Label>
                    </TableColumnHeader>
                    <TableColumnHeader>
                        <Label>CSPName</Label>
                    </TableColumnHeader>
                </TableHeaders>
                <TableRowEntries>
                    <TableRowEntry>
                        <TableColumnItems>
                            <TableColumnItem>
                                <PropertyName>Name</PropertyName>
                            </TableColumnItem>
                            <TableColumnItem>
                                <PropertyName>APIKey</PropertyName>
                            </TableColumnItem>
                            <TableColumnItem>
                                <PropertyName>CSPName</PropertyName>
                            </TableColumnItem>
                    </TableColumnItems>
                    </TableRowEntry>
                </TableRowEntries>
            </TableControl>
        </View>
    </ViewDefinitions>
 </Configuration>
--- a/Modules/VMware.Skyline.InsightsApi/VMware.Skyline.InsightsApi.psd1
+++ b/Modules/VMware.Skyline.InsightsApi/VMware.Skyline.InsightsApi.psd1
@@ -0,0 +1,128 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 #
 # Module manifest for module 'VMware.Skyline.InsightsApi'
 #
 # Generated by: Brian Wuchner
 #
 # Generated on: 2/21/2022
 #
@{
 # Script module or binary module file associated with this manifest.
 RootModule = 'VMware.Skyline.InsightsApi.psm1'
 # Version number of this module.
 ModuleVersion = '1.0.0'
 # Supported PSEditions
 # CompatiblePSEditions = @()
 # ID used to uniquely identify this module
 GUID = '4dfcb1e5-69b9-405d-aecd-06119ec12649'
 # Author of this module
 Author = 'Brian Wuchner'
 # Company or vendor of this module
 CompanyName = 'VMware'
 # Copyright statement for this module
 Copyright = '(c) VMware. All rights reserved.'
 # Description of the functionality provided by this module
 Description = 'Community sourced PowerShell wrapper module for the Skyline Insights API.'
 # Minimum version of the Windows PowerShell engine required by this module
 PowerShellVersion = '4.0'
 # Name of the Windows PowerShell host required by this module
 # PowerShellHostName = ''
 # Minimum version of the Windows PowerShell host required by this module
 # PowerShellHostVersion = ''
 # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
 # DotNetFrameworkVersion = ''
 # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
 # CLRVersion = ''
 # Processor architecture (None, X86, Amd64) required by this module
 # ProcessorArchitecture = ''
 # Modules that must be imported into the global environment prior to importing this module
 # RequiredModules = @()
 # Assemblies that must be loaded prior to importing this module
 # RequiredAssemblies = @()
 # Script files (.ps1) that are run in the caller's environment prior to importing this module.
 # ScriptsToProcess = @()
 # Type files (.ps1xml) to be loaded when importing this module
 # TypesToProcess = @()
 # Format files (.ps1xml) to be loaded when importing this module
 FormatsToProcess = @('VMware.Skyline.InsightsApi.Format.ps1xml')
 # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
 # NestedModules = @()
 # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
 FunctionsToExport = @('Connect-SkylineInsights','Disconnect-SkylineInsights','Invoke-SkylineInsightsApi','Get-SkylineFinding',
    'Get-SkylineAffectedObject','Format-SkylineResult','Start-SkylineInsightsApiExplorer')
 # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
 CmdletsToExport = @()
 # Variables to export from this module
 VariablesToExport = '*'
 # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
 AliasesToExport = @()
 # DSC resources to export from this module
 # DscResourcesToExport = @()
 # List of all modules packaged with this module
 # ModuleList = @()
 # List of all files packaged with this module
 # FileList = @()
 # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
 PrivateData = @{
    PSData = @{
        # Tags applied to this module. These help with module discovery in online galleries.
        # Tags = @()
        # A URL to the license for this module.
        # LicenseUri = ''
        # A URL to the main website for this project.
        # ProjectUri = ''
        # A URL to an icon representing this module.
        # IconUri = ''
        # ReleaseNotes of this module
        # ReleaseNotes = ''
    } # End of PSData hashtable
 } # End of PrivateData hashtable
 # HelpInfo URI of this module
 # HelpInfoURI = ''
 # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
 # DefaultCommandPrefix = ''
 }
--- a/Modules/VMware.Skyline.InsightsApi/VMware.Skyline.InsightsApi.psm1
+++ b/Modules/VMware.Skyline.InsightsApi/VMware.Skyline.InsightsApi.psm1
@@ -0,0 +1,425 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Connect-SkylineInsights {
 <#
    .NOTES
    ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 21, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
    ===========================================================================
    .SYNOPSIS
    Use this function to create the auth header to connect to Skyline Insights API
    .DESCRIPTION
    This function will allow you to connect to a Skyline Insights API.
    A global variable will be set with the Servername & Header value for use by other functions.
    .EXAMPLE
    PS C:\> Connect-SkylineInsights -apiKey 'my-key-from-csp'
    This will use the provided API key to create a connection to Skyline Insights.
    .EXAMPLE
    PS C:\> Connect-SkylineInsights -apiKey 'my-key-from-csp' -SaveCredentials
    This will use the PowerCLI VICredentialStore Item to save the provided API key.  On next use this key will be provided automatically.
 #>
    param(
        [string]$apiKey,
        [switch]$SaveCredentials,
        [Parameter(DontShow)]$cspApi = 'console.cloud.vmware.com',
        [Parameter(DontShow)]$skylineApi = 'skyline.vmware.com'
    )
    if ($PSEdition -eq 'Core' -And $SaveCredentials) {
        write-error 'The parameter SaveCredentials of Connect-SkylineInsights cmdlet is not supported on PowerShell Core.'
        return
    }
    if ($PSEdition -eq 'Core' -AND !$apiKey) {
        write-error 'An API key is required.'
        return
    }
    # Create VICredentialStore item to save the API key
    if ($apiKey -AND $SaveCredentials) {
        if ( (Get-Command Get-VICredentialStoreItem -ErrorAction:SilentlyContinue | Measure-Object).Count -gt 0 ) {
            $savedCred = Get-VICredentialStoreItem -host $skylineApi -ErrorAction:SilentlyContinue
            if ($savedCred) {
                $savedCred | Remove-VICredentialStoreItem -Confirm:$false
            }
            New-VICredentialStoreItem -Host $skylineApi -User 'api-key' -Password $apiKey
        } else {
            Write-Warning 'Use of -SaveCredentials requires the PowerCLI VICredentialStoreItem cmdlets.'
        }
    }
    if (!$apiKey) {
        if ( (Get-Command Get-VICredentialStoreItem -ErrorAction:SilentlyContinue | Measure-Object).Count -gt 0 ) {
            $savedCred = Get-VICredentialStoreItem -host $skylineApi -ErrorAction:SilentlyContinue
        }
        if ( ($savedCred | Measure-Object).Count -eq 1) {
            $apiKey = $savedCred.Password
        } else {
            write-error 'An API key is required.'
            return
        }
    }
    $loginHeader = @{
        'Accept' = 'application/json'
        'Content-Type' = 'application/x-www-form-urlencoded'
    } 
    $loginBody = @{'refresh_token' = $apiKey }
    try {
        $webRequest = Invoke-RestMethod -Uri "https://$cspApi/csp/gateway/am/api/auth/api-tokens/authorize?grant_type=refresh_token" -method POST -Headers $loginHeader -Body $loginBody
        $global:DefaultSkylineConnection = New-Object psobject -property @{ 'Name'=$skylineApi; 'CSPName'=$cspApi; 'ConnectionDetail'=$webRequest; APIKey = $apiKey;
        'Refresh_Token'=$webRequest.refresh_token; 'SkylineAPI'="https://$skylineApi/public/api/data"; PSTypeName='SkylineConnection' }
        # Return the connection object
        $global:SkylineInsightsApiQueryCount = 0
        $global:SkylineInsightsApiQueryLastTime = $null
        $global:DefaultSkylineConnection
    } catch {
        Write-Error ("Failure connecting to $skylineAPI.  Posted $loginBody " + $_)
    } # end try/catch block
 }
 Function Disconnect-SkylineInsights {
 <#
    .NOTES
    ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 21, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
    ===========================================================================
    .SYNOPSIS
    Use this function to disconnect from Skyline Insights API
    .DESCRIPTION
    This function will allow you to disconnect from a Skyline Insights API.
    The global variable will be set with the Servername & Header value for use by other functions.
    .EXAMPLE
    PS C:\> Disconnect-SkylineInsights
    This will remove a connection to Skyline Insights.
 #>
    if ($global:DefaultSkylineConnection) {
        $global:DefaultSkylineConnection = $null
    } else {
        Write-Error 'Could not find an existing connection to SkylineInsights API.'
    }
 }
 Function Invoke-SkylineInsightsApi {
 <#
    .NOTES
    ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 21, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
    ===========================================================================
    .SYNOPSIS
    Use this function to post a query to the Skyline Insights API.
    .DESCRIPTION
    This function will allow you to query the Skyline Insights API.
    Proper headers will be formatted and posted if a DefaultSkylineConnection is present.
    This is primarily a helper function used by other functions included in the module.  
    It is exported in the module manifest to be used for any custom queries.
    .EXAMPLE
    PS C:\> Invoke-SkylineInsightsApi -queryBody '{formatted-query-string-converted-to-json}'
 #>
    param(
        [Parameter(Mandatory=$true)][string]$queryBody,
        [Parameter(DontShow=$true)][int]$sleepTimerMs=501
    )
    if ( !$global:DefaultSkylineConnection ) {
        Write-Error 'You are not currently connected to any servers. Please connect first using Connect-SkylineInsights.'
        return;
    }
    write-debug "Querybody: $queryBody"
    try {
        if ($global:SkylineInsightsApiQueryLastTime) {
            $timeSinceLastQuery = (New-TimeSpan $global:SkylineInsightsApiQueryLastTime (Get-Date)).TotalMilliseconds
            if ($timeSinceLastQuery -lt $sleepTimerMs) {
                Write-Debug "Waiting $($sleepTimerMs-$timeSinceLastQuery)ms to prevent HTTP 429 TOO_MANY_REQUESTS error"
                Start-Sleep -Milliseconds ($sleepTimerMs-$timeSinceLastQuery) 
            }
        }
        $restCall = invoke-restmethod -method post -Uri $($global:DefaultSkylineConnection.SkylineAPI) -Headers @{Authorization = "Bearer $($global:DefaultSkylineConnection.ConnectionDetail.access_token)"} -body $queryBody -ContentType "application/json"
        $global:SkylineInsightsApiQueryCount++
        $global:SkylineInsightsApiQueryLastTime = Get-Date
        if ($restCall.errors) {
            Write-Error $restCall.errors.Message
        }
        return $restCall
    } catch {
        $incomingError = $_
        try {
            # are nested try/catch blocks the powershell equilivent of vbscript On Error Resume Next?
            $errorStatusAsJson = ($incomingError | ConvertFrom-Json).status
            if ($errorStatusAsJson -eq '429 TOO_MANY_REQUESTS') {
                write-error 'Encountered HTTP 429 TOO_MANY_REQUESTS error, consider increasing sleepTimerMs value.'
                start-sleep -Milliseconds (2*$sleepTimerMs)
                break
            }
        } catch {
            # this was the error from trying to cast the incoming error to Json
        }
        if (!$errorStatusAsJson) { write-error $incomingError }
    }
 }
 Function Get-SkylineFinding {
 <#
    .NOTES
    ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 21, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
    ===========================================================================
    .SYNOPSIS
    Use this function to query findings from the Skyline Insights API.
    .DESCRIPTION
    This function will allow you to query the Skyline Insights API for Findings.
    As described in the documentation, the maximum limit per page is 200 records.  This function provides
    an optional pagesize parameter to request smaller batches, but by default assumes 200 records.
    .EXAMPLE
    PS C:\> Get-SkylineFinding
 #>
    [cmdletbinding()]
    param(
        [Parameter(ValueFromPipelineByPropertyName=$true)][string]$findingId,
        [Parameter(ValueFromPipelineByPropertyName=$true)][string[]]$products,
        [Parameter(ValueFromPipelineByPropertyName=$true)][ValidateSet('CRITICAL','MODERATE','TRIVIAL')][string]$severity,
        [Parameter(DontShow=$true)][ValidateRange(1,200)][int]$pagesize=200
    )
    begin {
        $queryBody = @"
 {
    activeFindings(limit: $pagesize, start: 0 filter: {}) {
        findings {
            findingId
            accountId
            findingDisplayName
            severity
            products
            findingDescription
            findingImpact
            recommendations
            kbLinkURLs
            recommendationsVCF
            kbLinkURLsVCF
            categoryName
            findingTypes
            firstObserved
            totalAffectedObjectsCount
        }
        totalRecords
        timeTaken
    }
 }
 "@
    }
    process {
        if (!$products) { $products = 'NO_PRODUCT_FILTER'}
        foreach ($thisProduct in $products) {
            if ($findingId) { $filterString = "findingId: `"$findingId`"," }
            if ($thisProduct -ne 'NO_PRODUCT_FILTER') { $filterString += "product: `"$thisProduct`"," }
            # Try to get results the first time
            $results = @()
            $thisQueryBody = $queryBody -Replace 'filter: {}', "filter: { $filterString }"
            $thisIteration = 0
            do {
                $thisQueryBody = $thisQueryBody -Replace 'start: 0', "start: $thisIteration"
                Write-Debug $thisQueryBody
                $thisResult = Invoke-SkylineInsightsApi -queryBody (@{'query' = $thisQueryBody} | ConvertTo-Json -Compress)
                $totalRecords = $thisResult.data.activeFindings.totalRecords
                if ($severity) {
                    $thisResult.data.activeFindings.Findings | Where-Object {$_.severity -eq $severity}
                } else {
                    $thisResult.data.activeFindings.Findings
                }
                $results += ($thisResult.data.activeFindings.Findings)
                $thisIteration += $pageSize
            } while ($results.count -lt $totalRecords ) # end do/while loop
            #return $results
        }
    }
    end {
    }
 }
 Function Get-SkylineAffectedObject {
 <#
    .NOTES
    ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 21, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
    ===========================================================================
    .SYNOPSIS
    Use this function to query affected objects from the Skyline Insights API.
    .DESCRIPTION
    This function will allow you to query the Skyline Insights API for affected objects.
    Input parameters are required for the findingId and product.  Products can be provided as an object (from Get-SkylineFinding) or
    a single product can be specified by name (or delimited list).
    As described in the documentation, the maximum limit per page is 200 records.  This function provides
    an optional pagesize parameter to request smaller batches, but by default assumes 200 records.
    .EXAMPLE
    PS C:\> Get-SkylineAffectedObject -findingId 'vSphere-Vmtoolsmemoryleak-KB#76163' -product 'core-vcenter01.lab.enterpriseadmins.org'
    This example uses the ByName parameter set to pass in specific findings/product and expects either a single product or a 'separator' delimited list
    .EXAMPLE
    PS C:\> Get-SkylineFinding | Select-Object -First 2 | Get-SkylineAffectedObject
    This example uses the ByObject parameter set to pass in products as an object from Get-SkylineFinding
 #>
    [cmdletbinding()]
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)][string]$findingId,
        [Parameter(Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)][string[]]$products,
        [Parameter(DontShow=$true)][ValidateRange(1,200)][int]$pagesize=200
    )
    begin {
        $queryBody = @"
        {
            activeFindings(
                filter: {
                    findingId: "",
                    product: "",
                }) {
            findings {
                totalAffectedObjectsCount
                affectedObjects(start: 0, limit: $pagesize)  {
                    sourceName
                    objectName
                    objectType
                    version
                    buildNumber
                    solutionTags {
                    type
                    version
                    }
                    firstObserved
                }
            }
            totalRecords
            timeTaken
            }
        }
 "@
        # Try to get results the first time
    }
    process {
        $thisQueryBody = $queryBody -Replace 'findingId: "",', "findingId: `"$findingId`","
        foreach ( $thisProduct in $products ) {
            $thisIteration = 0
            $results = @() # reset results variable between products
            do {
                $thisQueryBody = $thisQueryBody -Replace 'product: "",', "product: `"$thisProduct`","
                $thisQueryBody = $thisQueryBody -Replace 'start: 0', "start: $thisIteration"
                Write-Debug $thisQueryBody
                $thisResult = Invoke-SkylineInsightsApi -queryBody (@{'query' = $thisQueryBody} | ConvertTo-Json -Compress)
                $totalRecords = $thisResult.data.activeFindings.Findings.totalAffectedObjectsCount
                $thisResult.data.activeFindings.Findings.affectedObjects | Select-Object @{N='findingId';E={$findingId}}, *
                $results += ($thisResult.data.activeFindings.Findings.affectedObjects) | Select-Object @{N='findingId';E={$findingId}}, *
                $thisIteration += $pagesize
            } while ($results.count -lt $totalRecords ) # end do/while loop
        } # end foreach product loop
    } 
 }
 Function Format-SkylineResult {
 <#
    .NOTES
    ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 21, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
    ===========================================================================
    .SYNOPSIS
    Use this function to format results from the Skyline Insights API
    .DESCRIPTION
    This function will format the output from the Skyline Insights API.
    For example, Get-SkylineFinding and Get-SkylineAffectedObject will return some strings, date values as numbers, and object properties.
    This function will convert date numbers to powershell dates and objects to delimiter separated stings.  This should help with exporting
    results to CSV files for example.
    .EXAMPLE
    PS C:\> Get-SkylineFinding | Format-SkylineResult | Export-Csv c:\temp\findings.csv -NoTypeInformation
    This will return Skyline Findings, format them as needed, and export results to a CSV file.
 #>
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)][PSCustomObject]$inputObject,
        [string]$separator = '; '
    )
    begin {
        $results = @()
        # To format the dates, we need to add the value returned by the API to the begining of time
        $startOfTime = Get-Date '1970-01-01'
    }
    process {
        if ( $inputObject.accountId ) {
            #This appears to be a Finding
            $results += $inputObject | Select-Object findingId, accountId, findingDisplayName, severity, @{N='product';E={[string]::join($separator, $_.products)}}, findingDescription,
                findingImpact, @{N='recommendations';E={[string]::Join($separator,$_.recommendations)}}, @{N='kbLinkURLs';E={[string]::Join($separator, $_.kbLinkURLs)}},
                @{N='recommendationsVCF';E={[string]::Join($separator,$_.recommendationsVCF)}}, @{N='kbLinkURLsVCF';E={[string]::Join($separator, $_.kbLinkURLsVCF)}},
                categoryName, @{N='findingTypes';E={[string]::Join($sep, $_.findingTypes)}}, @{N='firstObserved';E={ $startOfTime+[timespan]::FromMilliseconds($_.firstObserved) }},
                totalAffectedObjectsCount
        } elseif ( $inputObject.objectName ) {
            #This appears to be an AffectedObject
            $results += $inputObject | Select-Object findingId, sourceName, objectName, objectType, version, buildNumber, @{N='solutionTags-Type';E={$_.solutionTags.type}}, 
                @{N='solutionTags-Version';E={$_.solutionTags.version}}, @{N='firstObserved';E={ $startOfTime+[timespan]::FromMilliseconds($_.firstObserved) }}
        } else {
            write-warning "Unable to determine input object type."
        } # end inputobject evaluation
    } #end process
    end {
        return $results
    }
 }
 Function Start-SkylineInsightsApiExplorer {
 <#
    .NOTES
    ===========================================================================
    Created by:	Brian Wuchner
    Date:		February 21, 2022
    Blog:		www.enterpriseadmins.org
    Twitter:		@bwuch
    ===========================================================================
    .SYNOPSIS
    Use this function to launch the Skyline Insights API in a browser.
    .DESCRIPTION
    This function will open the Skyline Insights API explorer in the default web browser and populate
    the clipboard with the necessary authorization header value to enable interactive queries.
    .EXAMPLE
    PS C:\> Start-SkylineInsightsApiExplorer
 #>
    if ( !$global:DefaultSkylineConnection ) {
        Write-Error 'You are not currently connected to any servers. Please connect first using Connect-SkylineInsights.'
        return;
    }
    "Default web browser will launch to the Skyline Insights API explorer.  In the lower left select 'Request Headers' and paste the authorization/bearer token into the text box.  `nNote: this script has updated your clipboard with the required auth token."
    "{`"Authorization`":`"Bearer $($global:DefaultSkylineConnection.ConnectionDetail.access_token)`"}" | Set-Clipboard 
    Start-Process "https://$($global:DefaultSkylineConnection.Name)/public/api/docs"
 }
--- a/Modules/VMware.TrustedInfrastructure.Helper/README.md
+++ b/Modules/VMware.TrustedInfrastructure.Helper/README.md
@@ -1,11 +1,11 @@
 Prerequisites/Steps to use this module:
  1. You must be a Trust Authority Administrator, a part of the TrustedAdmins group and also have the "Host.Inventory.Add Host To Cluster" privilege on vCenter system.
  2. The ESXi host must be wiped from existing Trusted Infrastructure configuration. If the ESXi host has been previously configured as  part of vSphere Trust Authority (part of a vCenter configured for vSphere Trust Authority, a Trust Authority Cluster or Trusted Cluster), you must use the decommission script first.
-  3. Clusters should be in a healthy state (check all vSphere Trust Authority APIs which return Health field).
+  3. TrustAuthorityCluster and TrustedCluster should be in a healthy state (check all vSphere Trust Authority APIs which return Health field).
  4. The ESXi host must be removed from vCenter.
  5. You must know the ESXi host root credentials (username and password).
  6. You must have purchased sufficient license for vSphere Trust Authority.
-  7. You must have PowerCLI 12.0.0 and above.
+  7. You must have PowerCLI 12.1.0 and above.
  8. Following PowerCLI module is required to be imported: VMware.VimAutomation.Security.
  9. Run the command Get-Command -Module VMware.TrustedInfrastructure.Helper. This should inform the following functions are available:
     - Add-TrustAuthorityVMHost
--- a/Modules/VMware.TrustedInfrastructure.Helper/VMware.TrustedInfrastructure.Helper.psd1
+++ b/Modules/VMware.TrustedInfrastructure.Helper/VMware.TrustedInfrastructure.Helper.psd1
@@ -53,7 +53,7 @@ Copyright = 'Copyright (c) 2020 VMware, Inc. All rights reserved.'
 # Modules that must be imported into the global environment prior to importing this module
 RequiredModules = @(
-@{"ModuleName"="VMware.VimAutomation.Security";"ModuleVersion"="12.0.0.15939672"}
+@{"ModuleName"="VMware.VimAutomation.Security";"ModuleVersion"="12.1.0.17009493"}
 )
@@ -126,10 +126,10 @@ PrivateData = @{
 }
 # SIG # Begin signature block
-# MIIi9AYJKoZIhvcNAQcCoIIi5TCCIuECAQExDzANBglghkgBZQMEAgEFADB5Bgor
+# MIIhmQYJKoZIhvcNAQcCoIIhijCCIYYCAQExDzANBglghkgBZQMEAgEFADB5Bgor
 # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
-# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBpNQqsdVk1BjVn
+# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCD1J+i48Lf7YHut
-# MMKwrDCn/ghozrgmuT8MkgPS925Zl6CCD8swggTMMIIDtKADAgECAhBdqtQcwalQ
+# tHoAX/uG5pY2Z1O+6f9dCc3MyP4DB6CCD8swggTMMIIDtKADAgECAhBdqtQcwalQ
 # C13tonk09GI7MA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNVBAYTAlVTMR0wGwYDVQQK
 # ExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3Qg
 # TmV0d29yazEwMC4GA1UEAxMnU3ltYW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBT
@@ -213,104 +213,97 @@ PrivateData = @{
 # yfcjKDJ2+aSDVshIzlqWqqDMDMR/tI6Xr23jVCfDn4bA1uRzCJcF29BUYl4DSMLV
 # n3+nZozQnbBP1NOYX0t6yX+yKVLQEoDHD1S2HmfNxqBsEQOE00h15yr+sDtuCjqm
 # a3aZBaPxd2hhMxRHBvxTf1K9khRcSiRqZ4yvjZCq0PZ5IRuTJnzDzh69iDiSrkXG
-# GWpJULMF+K5ZN4pqJQOUsVmBUOi6g4C3IzX0drlnHVkYrSCNlDGCEn8wghJ7AgEB
+# GWpJULMF+K5ZN4pqJQOUsVmBUOi6g4C3IzX0drlnHVkYrSCNlDGCESQwghEgAgEB
 # MIGTMH8xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlv
 # bjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEwMC4GA1UEAxMnU3lt
 # YW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBTaWduaW5nIENBAhBdqtQcwalQC13t
 # onk09GI7MA0GCWCGSAFlAwQCAQUAoIGWMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3
 # AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMCoGCisGAQQBgjcCAQwx
-# HDAaoRiAFmh0dHA6Ly93d3cudm13YXJlLmNvbS8wLwYJKoZIhvcNAQkEMSIEIM0S
+# HDAaoRiAFmh0dHA6Ly93d3cudm13YXJlLmNvbS8wLwYJKoZIhvcNAQkEMSIEIFE5
-# yl+DLO5/G6CpV6dDnBERqJttAW4XXH7Aky0XuDpFMA0GCSqGSIb3DQEBAQUABIIB
+# XkE1aqldNZ9PdTmDM9o8F2go4eZy2Z0ldYxQDQjYMA0GCSqGSIb3DQEBAQUABIIB
-# AFFIiFbh7hbtFYhpRzq2TM3DZ2R+LpRz2DdVTOR8iLirTkwcZvCMbsx4wZbcoDpQ
+# ABYojUSikybt+zBAYjJkVB+ZXSqf2DFW5I2FrzHL2kJXE8Z8sse8x5eBL/wTQydp
-# uldpdbJS1CuXAX+TW48NtE/ph0wA+c2D5CgAvyamV9Zz/Jog9W8bYrytl3A1JNCk
+# I7Nt6E2Oa7l+AFI1QSmc1kdHGjrljiJV6rdIVMl2Qi1DEGYloLIkUuGpeMq09Bio
-# cT6xdg8L+E6OAx1L4ls8giqJXOoJSpFX4fD8Wzdd2cA4GgfPSZ3V+KahgxnOmglp
+# pgRkWUQOax2L9X+Jabf5f9jK9OABnjPjU944/mw2hMNSlPFa1N3YhM9lS2Ua6sgi
-# rVcsFfdMywtGyfVyYU5ZP/a2Wo9uGioZVYaRuW6gUc8aziUWpeeUCPDeOMTpRCVE
+# sUFE+iK4rNPQo+fT753hbzQLZvVKOkJ/Kt10ELa/nWzzZnm7O5kViagDpvQc7dYb
-# Hu4YO7usse7/W2c4sQGe273k/AYyyVf1pLQrmoW5Q453KcpiZa3FJAPBoyamCO2i
+# WYjqm5mZviZQSZSkcj0BQPP1kpexl3c3jYz2l6EXYq4C8MXc7ZbktFqMnCe3eQno
-# 0b1IdrfRwgriLapWu2Qv4SyhghAjMIIQHwYKKwYBBAGCNwMDATGCEA8wghALBgkq
+# NRTi0u4owXw7W3Z4IwF66/Shgg7IMIIOxAYKKwYBBAGCNwMDATGCDrQwgg6wBgkq
-# hkiG9w0BBwKggg/8MIIP+AIBAzEPMA0GCWCGSAFlAwQCAQUAMIHmBgsqhkiG9w0B
+# hkiG9w0BBwKggg6hMIIOnQIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqGSIb3DQEJ
-# CRABBKCB1gSB0zCB0AIBAQYJKwYBBAGgMgIDMDEwDQYJYIZIAWUDBAIBBQAEIPY5
+# EAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg6TWzqpl5
-# SN6u90hWWtb8WksRwND3bUpYHl/udJrlk3gg43Q7Ag4BbKiJKXgAAAAAAKUUyRgT
+# e7eFcT7LyWtAxkl3Xz0jBI5uSPTz509MPlgCEByTeiRukyNPugnHqHi5fDcYDzIw
-# MjAyMDA0MDIxMDI5MTcuMjUzWjADAgEBoGOkYTBfMQswCQYDVQQGEwJKUDEcMBoG
+# MjAxMDEyMTAxNzExWqCCC7swggaCMIIFaqADAgECAhAEzT+FaK52xhuw/nFgzKdt
-# A1UEChMTR01PIEdsb2JhbFNpZ24gSy5LLjEyMDAGA1UEAxMpR2xvYmFsU2lnbiBU
+# MA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
-# U0EgZm9yIEFkdmFuY2VkIC0gRzMgLSAwMDMtMDGgggxqMIIE6jCCA9KgAwIBAgIM
+# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lD
-# M5Agd2HEJt2UUAMNMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAkJFMRkwFwYD
+# ZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMTkxMDAxMDAw
-# VQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIFRpbWVz
+# MDAwWhcNMzAxMDE3MDAwMDAwWjBMMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGln
-# dGFtcGluZyBDQSAtIFNIQTI1NiAtIEcyMB4XDTE4MDYxNDEwMDAwMFoXDTI5MDMx
+# aUNlcnQsIEluYy4xJDAiBgNVBAMTG1RJTUVTVEFNUC1TSEEyNTYtMjAxOS0xMC0x
-# ODEwMDAwMFowXzELMAkGA1UEBhMCSlAxHDAaBgNVBAoTE0dNTyBHbG9iYWxTaWdu
+# NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOlkNZz6qZhlZBvkF9y4
-# IEsuSy4xMjAwBgNVBAMTKUdsb2JhbFNpZ24gVFNBIGZvciBBZHZhbmNlZCAtIEcz
+# KTbMZwlYhU0w4Mn/5Ts8EShQrwcx4l0JGML2iYxpCAQj4HctnRXluOihao7/1K7S
-# IC0gMDAzLTAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3Gj+IDO
+# ehbv+EG1HTl1wc8vp6xFfpRtrAMBmTxiPn56/UWXMbT6t9lCPqdVm99aT1gCqDJp
-# E5Be8KfdP9KY8kE6Sdp/WC+ePDoBE8ptNJlbDCccROdW4wkv9W+rTr4nYmbGuLKH
+# IhO+i4Itxpira5u0yfJlEQx0DbLwCJZ0xOiySKKhFKX4+uGJcEQ7je/7pPTDub0U
-# x2W+xsBeqT6u+yR0iyv4aARkhqo64qohj/rxnbkYMF6afAf1O3Uu2gklGav+c+lx
+# LOsMKCclgKsQSxYSYAtpIoxOzcbVsmVZIeB8LBKNcA6Pisrg09ezOXdQ0EIsLnrO
-# neyq9j4ShYEUJPjmPpnfrvO5i9UmywSommFW7yhwqEtqKyVq5aA2ny25mofcdA4f
+# nGd6OHdUQP9PlQQg1OvIzocUCP4dgN3Q5yt46r8fcMbuQhZTNkWbUxlJYp16ApuV
-# QqBBOpYHDst7MtUBC1ORfVY0T7S8sHRHnKp6bF/kjlGfk5BhAz6PX0FBUHg5LRIS
+# FKMCAwEAAaOCAzgwggM0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBYG
-# 3OvqADCyP+FtE7d1SBVrTg7Rl+NO25bZ0WKvCEHPIg/o3c7Y6pNWbtM6j2dKaki6
+# A1UdJQEB/wQMMAoGCCsGAQUFBwMIMIIBvwYDVR0gBIIBtjCCAbIwggGhBglghkgB
-# /GHlbFmzEi0CgQIDAQABo4IBqDCCAaQwDgYDVR0PAQH/BAQDAgeAMEwGA1UdIARF
+# hv1sBwEwggGSMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20v
-# MEMwQQYJKwYBBAGgMgEeMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2Jh
+# Q1BTMIIBZAYIKwYBBQUHAgIwggFWHoIBUgBBAG4AeQAgAHUAcwBlACAAbwBmACAA
-# bHNpZ24uY29tL3JlcG9zaXRvcnkvMAkGA1UdEwQCMAAwFgYDVR0lAQH/BAwwCgYI
+# dABoAGkAcwAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAGMAbwBuAHMAdABpAHQA
-# KwYBBQUHAwgwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC5nbG9iYWxzaWdu
+# dQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQA
-# LmNvbS9ncy9nc3RpbWVzdGFtcGluZ3NoYTJnMi5jcmwwgZgGCCsGAQUFBwEBBIGL
+# aQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIA
-# MIGIMEgGCCsGAQUFBzAChjxodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2Nh
+# ZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcA
-# Y2VydC9nc3RpbWVzdGFtcGluZ3NoYTJnMi5jcnQwPAYIKwYBBQUHMAGGMGh0dHA6
+# aABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQA
-# Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc3RpbWVzdGFtcGluZ3NoYTJnMjAdBgNV
+# IABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4A
-# HQ4EFgQUeaezg3HWs0B2IOZ0Crf39+bd3XQwHwYDVR0jBBgwFoAUkiGnSpVdZLCb
+# IABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMAsGCWCGSAGG/WwDFTAfBgNVHSME
-# tB7mADdH5p1BK0wwDQYJKoZIhvcNAQELBQADggEBAIc0fm43ZxsIEQJttimYchTL
+# GDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUVlMPwcYHp03X2G5X
-# SH7IyY8viQ2vD/IsIZBuO7ccAaqBaMQQI0v4CeOrX+pFps4O/qSA6WtqDAD5yoYQ
+# coBQTOTsnsEwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNlcnQu
-# DD7/HxrpHOUil2TZrOnj6NpTYGMLt45P3NUh9J3eE2o4NeVs4yZM29Z0Z0W5TwTE
+# Y29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRpZ2lj
-# WAgam2ZFPSQaGpJXyV8oR3hn21zKrQvotw/RthYyNCIENnJM73umvLauBMDZeKCI
+# ZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcwJAYI
-# yIZrGNqWjStuIlzLf70XvZ63toZNgxBNsDKy4BOgy2DihHUU6SG9EKKktgjPOw0p
+# KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcwAoZD
-# WVmp08NMDX9CzIgUtELlugTVmEqkjQc9SR94bWVtYL38zlnrLOnFqtqt7taTrBUw
+# aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3VyZWRJ
-# ggQVMIIC/aADAgECAgsEAAAAAAExicZQBDANBgkqhkiG9w0BAQsFADBMMSAwHgYD
+# RFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEALoOhRAVKBOO5
-# VQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2ln
+# MlL62YHwGrv4CY0juT3YkqHmRhxKL256PGNuNxejGr9YI7JDnJSDTjkJsCzox+Hi
-# bjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xMTA4MDIxMDAwMDBaFw0yOTAzMjkx
+# zO3LeWvO3iMBR+2VVIHggHsSsa8Chqk6c2r++J/BjdEhjOQpgsOKC2AAAp0fR8Sf
-# MDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNh
+# tApoU39aEKb4Iub4U5IxX9iCgy1tE0Kug8EQTqQk9Eec3g8icndcf0/pOZgrV5JE
-# MTEwLwYDVQQDEyhHbG9iYWxTaWduIFRpbWVzdGFtcGluZyBDQSAtIFNIQTI1NiAt
+# 1+9uk9lDxwQzY1E3Vp5HBBHDo1hUIdjijlbXST9X/AqfI1579JSN3Z0au996KqbS
-# IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpuOw6sRUSUBtpaU
+# RaZVDI/2TIryls+JRtwxspGQo18zMGBV9fxrMKyh7eRHTjOeZ2ootU3C7VuXgvjL
-# 4k/YwQj2RiPZRcWVl1urGr/SbFfJMwYfoA/GPH5TSHq/nYeer+7DjEfhQuzj46FK
+# qQhsUwm09zCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZIhvcN
-# bAwXxKbBuc1b8R5EiY7+C94hWBPuTcjFZwscsrPxNHaRossHbTfFoEcmAhWkkJGp
+# AQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
-# eZ7X61edK3wi2BTX8QceeCI2a3d5r6/5f45O4bUIMf3q7UtxYowj8QM5j0R5tnYD
+# A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJl
-# V56tLwhG3NKMvPSOdM7IaGlRdhGLD10kWxlUPSbMQI2CJxtZIH1Z9pOAjvgqOP1r
+# ZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFowcjEL
-# oEBlH1d2zFuOBE8sqNuEUBNPxtyLufjdaUyI65x7MCb8eli7WbwUcpKBV7d2ydiA
+# MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
-# CoBuCQIDAQABo4HoMIHlMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/
+# LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElE
-# AgEAMB0GA1UdDgQWBBSSIadKlV1ksJu0HuYAN0fmnUErTDBHBgNVHSAEQDA+MDwG
+# IFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-# BFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20v
+# AL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSXv2Mh
-# cmVwb3NpdG9yeS8wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxz
+# kJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi9aDg
-# aWduLm5ldC9yb290LXIzLmNybDAfBgNVHSMEGDAWgBSP8Et/qC5FJK5NUPpjmove
+# 3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9xck4K
-# 4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEABFaCSnzQzsm/NmbRvjWek2yX6AbOMRhZ
+# rd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHmgudG
-# +WxBX4AuwEIluBjH/NSxN8RooM8oagN0S2OXhXdhO9cv4/W9M6KSfREfnops7yyw
+# UP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJTKk+F
-# 9GKNNnPRFjbxvF7stICYePzSdnno4SGU4B/EouGqZ9uznHPlQCLPOc7b5neVp7uy
+# HcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEgHf4p
-# y/YZhp2fyNSYBbJxb051rvE9ZGo7Xk5GpipdCJLxo/MddL9iDSOMXCo4ldLA1c3P
+# rtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAS
-# iNofKLW6gWlkKrWmotVzr9xG2wSukdduxZi61EfEVnSAR3hYjL7vK/3sbL/RlPe/
+# BgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggr
-# UOB74JD9IBh4GCJdCC6MHKCX8x2ZfaOdkdMGRE4EbnocIOM28LZQuTCCA18wggJH
+# BgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
-# oAMCAQICCwQAAAAAASFYUwiiMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0ds
+# LmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNl
-# b2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYD
+# cnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHoweDA6
-# VQQDEwpHbG9iYWxTaWduMB4XDTA5MDMxODEwMDAwMFoXDTI5MDMxODEwMDAwMFow
+# oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElE
-# TDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkds
+# Um9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lD
-# b2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wggEiMA0GCSqGSIb3DQEBAQUA
+# ZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwAAgQw
-# A4IBDwAwggEKAoIBAQDMJXaQeQZ4Ihb1wIO2hMoonv0FdhHFrYhy/EYCQ8eyip0E
+# KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglg
-# XyTLLkvhYIJG4VKrDIFHcGzdZNHr9SyjD4I9DCuul9e2FIYQebs7E4B3jAjhSdJq
+# hkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qzeM8G
-# Yi8fXvqWaN+JJ5U4nwbXPsnLJlkNc96wyOkmDoMVxu9bi9IEYMpJpij2aTv2y8go
+# N0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92pDqT
-# keWdimFXN6x0FNx04Druci8unPvQu7/1PQDhBjPogiuuU6Y6FnOM3UEOIDrAtKeh
+# D/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhfiThh
-# 6bJPkC4yYOlXy7kEkmho5TgmYHWyn3f/kRTvriBJ/K1AFUjRAjFhGV64l++td7dk
+# TWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0WGkN
-# mnq/X8ET75ti+w1s4FRpFqkD2m7pg5NxdsZphYIXAgMBAAGjQjBAMA4GA1UdDwEB
+# fMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLEfrvE
-# /wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSP8Et/qC5FJK5NUPpj
+# JStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIxggJN
-# move4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAS0DbwFCq/sgM7/eWVEVJu5YACUGs
+# MIICSQIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j
-# sxOGhigHM8pr5nS5ugAtrqQK0/Xx8Q+Kv3NnSoPHRHt44K9ubG8DKY4zOUXDjuS5
+# MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBT
-# V2yq/BKW7FPGLeQkbLmUY/vcU2hnVj6DuM81IcPJaP7O2sJTqsyQiunwXUaMld16
+# SEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhAEzT+FaK52xhuw/nFgzKdt
-# WCgaLx3ezQA3QY/tRG3XUyiXfvNnBB4V14qWtNPeTCekTBtzc3b0F5nCH3oO4y0I
+# MA0GCWCGSAFlAwQCAQUAoIGYMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAc
-# rQocLP88q1UOD5F+NuvDV0m+4S4tfGCLw0FREyOdzvcya5QBqJnnLDMfOjsl0oZA
+# BgkqhkiG9w0BCQUxDxcNMjAxMDEyMTAxNzExWjArBgsqhkiG9w0BCRACDDEcMBow
-# zjsshnjJYS8Uuu7bVW/fhO4FCU29KNhyztNiUGUe65KXgzHZs7XKR1g/XzGCAokw
+# GDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xTAvBgkqhkiG9w0BCQQxIgQgljiG33qR
-# ggKFAgEBMGswWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt
+# W3eFxG+8JqokoQ3h+0VUPjMr2ipJwjHjKyYwDQYJKoZIhvcNAQEBBQAEggEA0rMO
-# c2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMjU2
+# e70hWy1hPDaGuhZm97/x9R9L+7u2D/gQ5VZi9hVNsUuspfPnPANRqNdwPZFqVhT0
-# IC0gRzICDDOQIHdhxCbdlFADDTANBglghkgBZQMEAgEFAKCB8DAaBgkqhkiG9w0B
+# DtbXldlhx57QmM5/KAJJgI6LNurGHz2IkSEt2wx96RET33erziTdnxxcsUK90Jqd
-# CQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIAZrKdIvpe4etJdIpute
+# xiMbLtXWr3pIgP6PuuCoTf3CaBIcHncQG8h/YYoYUggRpUV6fl2LqQeRNgt6lsfy
-# bD7Bkgo2OLI6O5CjboEGMuXnMIGgBgsqhkiG9w0BCRACDDGBkDCBjTCBijCBhwQU
+# puD1ZvdskgUVTGKeCPP7UWyZSgGy6DAJBSw935BnXw5zxvDxIqtcX+5m/Dg/gvp7
-# rmsC2QsljAmRsRYSid62aVY5HW8wbzBfpF0wWzELMAkGA1UEBhMCQkUxGTAXBgNV
+# 9p6+zSiYQlo5BKhN3ehunVucmSH3ARPAo3uTlkMoYUleSVvSlM0IKZkNovha1IIx
-# BAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0
+# a7pYtiIIYFVJXnOUSw==
 # YW1waW5nIENBIC0gU0hBMjU2IC0gRzICDDOQIHdhxCbdlFADDTANBgkqhkiG9w0B
 # AQEFAASCAQCtspr11iTT8uoLlJY6Gmk9/dEzqYSh+ib0ml+qk5WNO2g0ggA42yp9
 # lnUfnLFUdqTCTm1kP5QHYISnBRVq88TDVqPOlxMUr/pxaWGi95NgkMbYS0A9bEf1
 # 0B1BjUsVHdEcRmW3RYU6bgmcoMKCNNvt2U0+r/e85MW358FMr5+Qwje5xKFhFKQi
 # wZkY34+ycnFsyMBwDCYeMxIWEAJdFdp+BQ1NI4hE1+whqEoXxBFbHABzoK7CQfZt
 # x38BWzvhRjGc4DFiTH25oqKHmzvvBrtIBhR1KGP0UxgJtLIkBu1lqqVCpD2DuOpu
 # 6Q/wMh8Z+1DanPs+68ioAyOE0N4MaVz+
 # SIG # End signature block
--- a/Modules/VMware.TrustedInfrastructure.Helper/VMware.TrustedInfrastructure.Helper.psm1
+++ b/Modules/VMware.TrustedInfrastructure.Helper/VMware.TrustedInfrastructure.Helper.psm1
@@ -30,50 +30,37 @@ $TrustAuthorityClusterSettingsFile =
 Function Add-TrustAuthorityVMHost {
   <#
    .SYNOPSIS
       This cmdlet adds a new host into the specific Trust Authority cluster.
       There are some preconditions need to be met:
       1. The newly added host is cleared of any previous Trust Authority configurations
       2. The Trust Authority Cluster settings are all healthy
       3. The connection user has the needed privileges. Please, check vSphere documentation.
       4. The trust between Key Servers and TrustAuthorityKeyProvider uses the signed client certificate, user should provide its privateKey part
   .DESCRIPTION
       This cmdlet adds a new host into the specific Trust Authority cluster.
   .PARAMETER TrustAuthorityCluster
       Specifies the Trust Authority cluster you want to add the new host.
   .PARAMETER VMHostAddress
       Specifies the ip address of the new host you want to add to the specific Trust Authority cluster.
   .PARAMETER Credential
       Specifies the credential of the new host.
   .PARAMETER DestDir
       Specifies the location where you want to save the settings
   .PARAMETER PrivateKey
       Specifies the private key part of the ClientCertificate of the TrustAuthorityKeyProvider. It's a hashtable type with: the keyprovider.Name as the Key, and the File having the PrivateKey string for the ClientCertificate of the keyprovider as its Value.
   .PARAMETER BaseImageFolder
       Specifies the folder having all the baseImage files to re-create the TrustAuthorityVMHostBaseImage.
   .EXAMPLE
       PS C:\> $ts = Get-TrustAuthorityCluster "mycluster"
       PS C:\> $pass = Read-Host "Please enter the host's password" -AsSecureString
       PS C:\> $credential = New-Object System.Management.Automation.PSCredential -ArgumentList root,$pass
       PS C:\> $privateKeyHash = @{"provider1"="c:\myprivatekey.txt";}
       PS C:\> Add-TrustAuthorityVMHost -TrustAuthorityCluster $ts -VMHostAddress 1.1.1.1 -Credential $credential -DestDir c:\destDir\ -PrivateKey $privateKeyHash -BaseImageFolder "c:\baseImages\"
       Add the host 1.1.1.1 with the $credential to Trust Authority cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\.
   .EXAMPLE
       PS C:\> $ts = Get-TrustAuthorityCluster "mycluster"
       PS C:\> Add-TrustAuthorityVMHost -TrustAuthorityCluster $ts -VMHostAddress 1.1.1.1 -Credential root -DestDir c:\destDir\ -BaseImageFolder "c:\baseImages\"
       Add the host 1.1.1.1 with the credential root (a window wizard will be prompted to let you input the password for the user root) to Trust Authority cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\.
   .NOTES
       Author                                    : Carrie Yang
       Author email                              : yangm@vmware.com
@@ -123,7 +110,7 @@ Function Add-TrustAuthorityVMHost {
   Process {
      Save-TrustAuthorityClusterSettings -TrustAuthorityCluster $TrustAuthorityCluster -DestinationFile $DestinationFile -ErrorAction Stop
-      Join-VMHost -ClusterName $TrustAuthorityCluster.Name -VMHostAddress $VMHostAddress -Credential $Credential -ErrorAction Stop
+      Join-VMHost -ClusterName $TrustAuthorityCluster.Name -VMHostAddress $VMHostAddress -Credential $Credential -Server $server -ErrorAction Stop
      Apply-TrustAuthorityClusterSettings -TrustAuthorityCluster $TrustAuthorityCluster -SettingsFile $DestinationFile -BaseImageFolder $baseImageFolder -PrivateKey $privateKey -ErrorAction Stop
   }
 }
@@ -131,42 +118,32 @@ Function Add-TrustAuthorityVMHost {
 Function Add-TrustedVMHost {
   <#
   .SYNOPSIS
-
+       This cmdlet adds a new host into the specific trusted cluster.
       This cmdlet adds a new host into the specific Trusted cluster.
       There are some preconditions need to be met:
       1. No active workloads in the workload host as the cmdlet will interrup the workloads
       2. The newly added host is cleared of any previous Trust Authority Configurations
       3. Sufficient license
-
+       For vCenter Server 7.0.1 and above, use 'Set-TrustedCluster -Remediate' to remediate the trusted cluster after adding a new host directly.
   .DESCRIPTION
       This cmdlet adds a new host into the specific Trusted cluster.
   .PARAMETER TrustedCluster
       Specifies the Trusted cluster you want to add the new host.
   .PARAMETER VMHostAddress
       Specifies the ip address of the new host you want to add to the specific Trusted cluster.
   .PARAMETER Credential
       Specifies the credential of the new host.
   .PARAMETER DestDir
       Specifies the location where you want to save the settings
   .EXAMPLE
       PS C:\> $ts = Get-TrustedCluster "mycluster"
       PS C:\> $pass = Read-Host "Please enter the host's password" -AsSecureString
       PS C:\> $credential = New-Object System.Management.Automation.PSCredential -ArgumentList root,$pass
       PS C:\> Add-TrustedVMHost -TrustedCluster $ts -VMHostAddress 1.1.1.1 -Credential $credential -DestDir c:\destDir\
       Add the host 1.1.1.1 with the $credential to Trusted Cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\.
   .EXAMPLE
       PS C:\> $ts = Get-TrustedCluster "mycluster"
       PS C:\> Add-TrustedVMHost -TrustedCluster $ts -VMHostAddress 1.1.1.1 -Credential root -DestDir c:\destDir\
       Add the host 1.1.1.1 with the credential root (a window wizard will be prompted to let you input the password for the user root) to Trusted Cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\.
   .NOTES
       Author                                    : Carrie Yang
       Author email                              : yangm@vmware.com
@@ -202,7 +179,11 @@ Function Add-TrustedVMHost {
      Write-Verbose "The server got is: $server"
      ConfirmIsVCenter $server
-      Check-VMHostVersionAndLicense -VMHostName $VMHostAddress -Credential $Credential -CheckLicense:$true
+      if (Is70AboveServer -VIServer $server) {
         Throw "Use 'Set-TrustedCluster -Remediate' cmdlet from VMware.VimAutomation.Security module."
      }
      Check-VMHostVersionAndLicense -VMHostName $VMHostAddress -Credential $Credential -CheckLicense:$true -Allow70Above $false
      $DestinationFile =  Join-Path $DestDir $TrustedClusterSettingsFile
      Write-Verbose "The file to save settings is $DestinationFile"
   }
@@ -211,7 +192,7 @@ Function Add-TrustedVMHost {
      Check-TrustedClusterSettings -TrustedCluster $TrustedCluster -ErrorAction Stop
      Save-TrustedClusterSettings -TrustedCluster $TrustedCluster -DestinationFile $DestinationFile -ErrorAction Stop
      Remove-TrustedClusterSettings -TrustedCluster $TrustedCluster -ErrorAction Stop
-      Join-VMHost -ClusterName $TrustedCluster.Name -VMHostAddress $VMHostAddress -Credential $Credential -ErrorAction Stop
+      Join-VMHost -ClusterName $TrustedCluster.Name -VMHostAddress $VMHostAddress -Credential $Credential -Server $server -ErrorAction Stop
      Apply-TrustedClusterSettings -TrustedCluster $TrustedCluster -SettingsFile $DestinationFile -ErrorAction Stop
   }
 }
@@ -220,21 +201,16 @@ Function Save-TrustedClusterSettings {
   <#
   .SYNOPSIS
       This cmdlet saves the settings of the specific Trusted Cluster to the file $DestinationFile.
   .DESCRIPTION
       This cmdlet saves the settings of the specific Trusted Cluster to the file $DestinationFile.
   .PARAMETER TrustedCluster
       Specifies the Trusted Cluster you want to save the settings.
   .PARAMETER DestinationFile
       Specifies the file you want to save the settings to.
   .EXAMPLE
       PS C:\> $ts = Get-TrustedCluster "mycluster"
       PS C:\> Save-TrustedClusterSettings -TrustedCluster $ts -DestinationFile "c:\myfile.json"
       Saves the settings of Trusted Cluster "mycluster" to file c:\myfile.json.
   .NOTES
       Author                                    : Carrie Yang
       Author email                              : yangm@vmware.com
@@ -284,22 +260,16 @@ Function Save-TrustAuthorityClusterSettings {
   <#
   .SYNOPSIS
       This cmdlet saves the settings of the specific Trust Authority Cluster to the file $DestinationFile.
   .DESCRIPTION
       This cmdlet saves the settings of the specific Trust Authority Cluster to the file $DestinationFile.
   .PARAMETER TrustedCluster
       Specifies the Trust Authority Cluster you want to save the settings.
   .PARAMETER DestinationFile
       Specifies the file you want to save the settings to.
   .EXAMPLE
       PS C:\> $ts = Get-TrustAuthorityCluster "mycluster"
       PS C:\> Save-TrustAuthorityClusterSettings -TrustAuthorityCluster $ts -DestinationFile "c:\myfile.json"
       Saves the settings of Trust Authority Cluster "mycluster" to file c:\myfile.json.
   .NOTES
       Author                                    : Carrie Yang
       Author email                              : yangm@vmware.com
@@ -343,13 +313,13 @@ Function Save-TrustAuthorityClusterSettings {
      $i = 0
      if ($kp -ne $null) {
-         $jsonObj.TrustAuthorityCluster.TrustAuthorityKeyProvider = $kp | Select-Object -Property Name, MasterKeyId, Description, ProxyAddress, ProxyPort, ConnectionTimeoutSeconds, KmipServerUsername
+         $jsonObj.TrustAuthorityCluster.TrustAuthorityKeyProvider = $kp | Select-Object -Property Name, PrimaryKeyId, Description, ProxyAddress, ProxyPort, ConnectionTimeoutSeconds, KmipServerUsername
         $clientCert = @{}
         $serverCert = @{}
         $clientCSR = @{}
      }
-      foreach ($_ in $kp) {
+      $kp | Foreach-Object {
         $kps = Get-TrustAuthorityKeyProviderServer -KeyProvider $_  -Server $bluevc| Select-Object -Property Address, Port, Name
         $clientCertTemp = Get-TrustAuthorityKeyProviderClientCertificate -KeyProvider $_ -Server $bluevc
         $clientCertStr = [System.Convert]::ToBase64String($($clientCertTemp.GetRawCertData()))
@@ -390,7 +360,7 @@ Function Save-TrustAuthorityClusterSettings {
      $jsonObj.TrustAuthorityCluster.TrustAuthorityTpm2CACertificate = $tpm2CA | Select-Object -Property Name
      $i = 0
-      foreach ($_ in $tpm2CA) {
+      $tpm2CA | Foreach-Object {
         $certStr = ConvertFrom-X509Chain -CertChain $_.CertificateChain
         $jsonObj.TrustAuthorityCluster.TrustAuthorityTpm2CACertificate[$i] | Add-Member -Name "certRawData" -value $certStr -MemberType NoteProperty
@@ -411,28 +381,21 @@ Function Apply-TrustAuthorityClusterSettings {
       Here are some limitations when applying the TrustAuthorityKeyProvider Settings:
       - The CSR configuration will not be preserved, user needs to reset the CSR and get it signed by the Key Server, then retrieve the signed client certificate to set it back to TrustAuthorityKeyProvider
       - If self signed certificates are used for trust setup, they need to be redone on new host.
   .DESCRIPTION
       This cmdlet applies the settings in the specific $SettingsFile to a Trust Authority Cluster
   .PARAMETER TrustAuthorityCluster
       Specifies the Trust Authority Cluster you want to apply the settings
   .PARAMETER SettingsFile
       Specifies the file having the settings you want to apply
   .PARAMETER PrivateKey
      Specifies the private key part of the ClientCertificate of the TrustAuthorityKeyProvider. It is a hashtable type with: the Key is the TrustAuthorityKeyProvider.Name, and the Value is the filePath for the TrustAuthorityKeyProvider's ClientCertificate PrivateKey part.
   .PARAMETER BaseImageFolder
      Specifies the folder having all the baseImage files to re-create the TrustAuthorityVMHostBaseImage. All the .tgz files under this folder and its sub-folders will be used to re-create TrustAuthorityVMHostBaseImage objects.
   .EXAMPLE
      PS C:\> $privateKeyHash = @{"provider1"="c:\myprivatekey.txt";}
      PS C:\> $ts = Get-TrustAuthorityCluster "mycluster"
      PS C:\> Apply-TrustAuthorityClusterSettings -TrustAuthorityCluster $ts -SettingsFile "c:\myfile.json"  -PrivateKey $privateKeyHash -BaseImageFolder "c:\myimages\"
       Applies the settings in file c:\myfile.json to Trust Authority Cluster "mycluster" with all the baseimage files under c:\myimages\ recursively, and cmdlet will prompt for inputting the password for each TrustAuthorityKeyProvider, also the PrivateKey info saved in c:\myprivatekey.txt will be used for the TrustAuthorityKeyProvider provider1.
   .NOTES
       Author                                    : Carrie Yang
       Author email                              : yangm@vmware.com
@@ -473,44 +436,45 @@ Function Apply-TrustAuthorityClusterSettings {
      $baseImages =  $jsonObj."TrustAuthorityCluster".TrustAuthorityVMHostBaseImage
      if ($kp -ne $null) {
-         foreach ($_ in $kp) {
+         $kp | Foreach-Object {
-            $kps =  $_.KmipServers
+            $provider = $_
            $kps =  $provider.KmipServers
            $cmd = "New-TrustAuthorityKeyProvider"
            $allArgs = @{
               'TrustAuthorityCluster' = $TrustAuthorityCluster;
-               'Name' = $($_.Name);
+               'Name' = $provider.Name;
-               'MasterKeyId' = $_.MasterKeyId;
+               'PrimaryKeyId' = $provider.PrimaryKeyId;
               'KmipServerName' = $kps[0].Name;
               'KmipServerAddress' = $kps[0].Address;
               'KmipServerPort' = $kps[0].Port;
               'Server' = $blueserver;
            }
-            if (![String]::IsNullOrWhiteSpace($_.Description)) {
+            if (![String]::IsNullOrWhiteSpace($provider.Description)) {
-               $allArgs += @{'Description' = $_.Description;}
+               $allArgs += @{'Description' = $provider.Description;}
            }
-            if (![String]::IsNullOrWhiteSpace($_.ProxyAddress)) {
+            if (![String]::IsNullOrWhiteSpace($provider.ProxyAddress)) {
-               $allArgs += @{'ProxyAddress' = $_.ProxyAddress;}
+               $allArgs += @{'ProxyAddress' = $provider.ProxyAddress;}
            }
-            if (![String]::IsNullOrWhiteSpace($_.ProxyPort)) {
+            if (![String]::IsNullOrWhiteSpace($provider.ProxyPort)) {
-               $allArgs += @{'ProxyPort' = $_.ProxyPort;}
+               $allArgs += @{'ProxyPort' = $provider.ProxyPort;}
            }
-            if (![String]::IsNullOrWhiteSpace($_.ConnectionTimeOutSeconds)) {
+            if (![String]::IsNullOrWhiteSpace($provider.ConnectionTimeOutSeconds)) {
-               $allArgs += @{'ConnectionTimeOutSeconds' = $_.ConnectionTimeOutSeconds;}
+               $allArgs += @{'ConnectionTimeOutSeconds' = $provider.ConnectionTimeOutSeconds;}
            }
-            if (![String]::IsNullOrWhiteSpace($_.KmipServerUsername)) {
+            if (![String]::IsNullOrWhiteSpace($provider.KmipServerUsername)) {
-               $allArgs += @{'KmipServerUsername' = $_.KmipServerUsername;}
+               $allArgs += @{'KmipServerUsername' = $provider.KmipServerUsername;}
            }
-            $silent = & $cmd @allArgs
+            & $cmd @allArgs
            if (($kps | Measure-Object).Count -gt 1) {
               for ($i = 1; $i -gt ($kps | Measure-Object).Count; $i++) {
-                  Add-TrustAuthorityKeyProviderServer -KeyProvider $_.Name -TrustAuthorityCluster $TrustAuthorityCluster -Address $kps[$i].Address -Name $kps[$i].Name -Port $kps[$i].Port -Server $blueserver
+                  LogAndRunCmdlet {Add-TrustAuthorityKeyProviderServer -KeyProvider $provider.Name -TrustAuthorityCluster $TrustAuthorityCluster -Address $kps[$i].Address -Name $kps[$i].Name -Port $kps[$i].Port -Server $blueserver -ErrorAction:Continue}
               }
            }
@@ -518,73 +482,92 @@ Function Apply-TrustAuthorityClusterSettings {
               Write-Warning "CSR configuration won't be preserved, please manually establish the trust between kmip servers and trust authority keyprovider: $($_.Name)"
            }
-            if ($_.ClientCertificate -ne $null) {
+            if ($provider.ClientCertificate -ne $null) {
-               if ($privateKey -ne $null -and $privateKey.ContainsKey($($_.Name))) {
+               if ($privateKey -ne $null -and $privateKey.ContainsKey($($provider.Name))) {
                  $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
-                  $cert.Import([System.Text.Encoding]::Default.GetBytes($_.ClientCertificate))
+                  $cert.Import([System.Text.Encoding]::Default.GetBytes($provider.ClientCertificate))
                  try {
-                     $pkStr = [System.IO.File]::ReadAllText($privateKey.$($_.Name))
+                     $pkStr = [System.IO.File]::ReadAllText($privateKey.$($provider.Name))
                  } catch {
                     Throw "Failed to read privateKey file: $($privateKey.$($_.Name))"
                  }
-                  Set-TrustAuthorityKeyProviderClientCertificate -KeyProvider $_.Name -TrustAuthorityCluster $TrustAuthorityCluster -Certificate $cert -PrivateKey $pkStr -Server $blueserver
+
                  $cmd = {Set-TrustAuthorityKeyProviderClientCertificate -KeyProvider $provider.Name -TrustAuthorityCluster $TrustAuthorityCluster -Certificate $cert -PrivateKey $privateKey.$($provider.Name) -Server $blueserver -ErrorAction:Continue}
                  LogAndRunCmdlet $cmd
               } else {
-                  New-TrustAuthorityKeyProviderClientCertificate -KeyProvider $_.Name -TrustAuthorityCluster $TrustAuthorityCluster -Server $blueserver
+                  LogAndRunCmdlet {New-TrustAuthorityKeyProviderClientCertificate -KeyProvider $provider.Name -TrustAuthorityCluster $TrustAuthorityCluster -Server $blueserver -ErrorAction:Continue}
               }
            }
            if ($_.ServerCertificate -ne $null) {
               $trustedcerts = [System.Collections.ArrayList]@()
-               foreach ($certStr in $_.ServerCertificate) {
+               $provider.ServerCertificate | Foreach-Object {
                  $certStr = $_
                  $tempStr = $certStr.CertificateRawData
                  if ($certStr.Trusted) {
                     $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
                     $cert.Import([System.Text.Encoding]::Default.GetBytes($tempStr))
-                     $silent = $trustedcerts.Add($cert)
+                     $trustedcerts.Add($cert) | Out-Null
                  }
               }
-               Set-TrustAuthorityKeyProviderServerCertificate -KeyProvider $_.Name -TrustAuthorityCluster $TrustAuthorityCluster -Certificate $trustedcerts -Server $blueserver
+
               $cmd = {Set-TrustAuthorityKeyProviderServerCertificate -KeyProvider $provider.Name -TrustAuthorityCluster $TrustAuthorityCluster -Certificate $trustedcerts -Server $blueserver -ErrorAction:Continue}
               LogAndRunCmdlet $cmd
            }
            $kmipPwd = Read-Host "Enter the password of Trust Authority Key Provider $($_.Name) (Return if none)" -AsSecureString
            if ($kmipPwd.Length -gt 0) {
-               Set-TrustAuthorityKeyProvider -KeyProvider $_.Name -TrustAuthorityCluster $TrustAuthorityCluster -KmipServerPassword $kmipPwd -Server $blueserver
+               LogAndRunCmdlet {Set-TrustAuthorityKeyProvider -KeyProvider $provider.Name -TrustAuthorityCluster $TrustAuthorityCluster -KmipServerPassword $kmipPwd -Server $blueserver -ErrorAction:Continue}
            }
         }
      }
      if ($principals -ne $null) {
         foreach ($_ in $principals) {
            $chainList = [System.Collections.ArrayList]@()
            foreach ($str in $_.certRawData) {
               $chain = ConvertTo-X509Chain -certString $str
               $silent = $chainList.Add($chain)
            }
            New-TrustAuthorityPrincipal -TrustAuthorityCluster $TrustAuthorityCluster -Name $_.Name -Domain $_.Domain -Issuer $_.Issuer -CertificateChain $chainList -Type $_.Type -Server $blueserver -Confirm:$false
         }
      }
      if ($tpm2Setting -ne $null) {
-         Set-TrustAuthorityTpm2AttestationSettings -RequireCertificateValidation:$tpm2Setting.RequireCertificateValidation -RequireEndorsementKey:$tpm2Setting.RequireEndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Confirm:$false
+         $cmd = {Set-TrustAuthorityTpm2AttestationSettings -RequireCertificateValidation:$tpm2Setting.RequireCertificateValidation -RequireEndorsementKey:$tpm2Setting.RequireEndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Server $blueserver -Confirm:$false -ErrorAction:Continue}
         LogAndRunCmdlet $cmd
      }
      if ($tpm2CA -ne $null) {
-         foreach ($_ in $tpm2CA) {
+         $tpm2CA | Foreach-Object {
-            $chain = ConvertTo-X509Chain $_.certRawData
+            $ca = $_
-            New-TrustAuthorityTpm2CACertificate -TrustAuthorityCluster $TrustAuthorityCluster -CertificateChain $chain -Name $_.Name -Server $blueserver -Confirm:$false
+            $chain = ConvertTo-X509Chain $ca.certRawData
            $cmd = {New-TrustAuthorityTpm2CACertificate -TrustAuthorityCluster $TrustAuthorityCluster -CertificateChain $chain -Name $ca.Name -Server $blueserver -Confirm:$false -ErrorAction:Continue}
            LogAndRunCmdlet $cmd
         }
      }
      if ($tpm2Ek -ne $null) {
-         foreach ($_ in $tpm2Ek) {
+         $tpm2Ek | Foreach-Object {
-            New-TrustAuthorityTpm2EndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Name $_.Name -PublicKey $_.PublicKey -Server $blueserver -Confirm:$false
+            $ek = $_
            $publicKey = $ek.PublicKey
            $cmd = {New-TrustAuthorityTpm2EndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Name $ek.Name -PublicKey $publicKey -Server $blueserver -Confirm:$false -ErrorAction:Continue}
            LogAndRunCmdlet $cmd
         }
      }
      if ($baseImages -ne $null) {
-         New-TrustAuthorityVMHostBaseImage -TrustAuthorityCluster $TrustAuthorityCluster -FilePath $baseImageFolder -Server $blueserver -Confirm:$false
+         $cmd = {New-TrustAuthorityVMHostBaseImage -TrustAuthorityCluster $TrustAuthorityCluster -FilePath $baseImageFolder -Server $blueserver -Confirm:$false -ErrorAction:Continue}
         LogAndRunCmdlet $cmd
      }
      if ($principals -ne $null) {
         $errorBeforeExecution = $Global:error.Clone()
         $Global:error.Clear()
         $principals | Foreach-Object {
            $p = $_
            $chainList = [System.Collections.ArrayList]@()
            $p.certRawData | Foreach-Object {
               $str = $_
               $chain = ConvertTo-X509Chain -certString $str
               $chainList.Add($chain) | Out-Null
            }
            $cmd = {New-TrustAuthorityPrincipal -TrustAuthorityCluster $TrustAuthorityCluster -Name $p.Name -Domain $p.Domain -Issuer $p.Issuer -CertificateChain $chainList -Type $p.Type -Server $blueserver -Confirm:$false -ErrorAction:Continue}
            $newPrincipal = LogAndRunCmdlet $cmd
            CheckNewTrustAuthorityPrincipalResult -TAPrincipal $newPrincipal
         }
         $Global:error.AddRange($errorBeforeExecution)
      }
   }
 }
@@ -594,21 +577,16 @@ Function Apply-TrustedClusterSettings {
   <#
   .SYNOPSIS
       This cmdlet applies the settings in the specific $SettingsFile to a Trusted Cluster.
   .DESCRIPTION
       This cmdlet applies the settings in the specific $SettingsFile to a Trusted Cluster
   .PARAMETER TrustedCluster
       Specifies the Trusted Cluster you want to apply the settings.
   .PARAMETER SettingsFile
       Specifies the file having the settings you want to apply.
   .EXAMPLE
       PS C:\> $ts = Get-TrustedCluster "mycluster"
       PS C:\> Apply-TrustedClusterSettings -TrustedCluster $ts -SettingsFile "c:\myfile.json"
       Applies the settings in file c:\myfile.json to Trusted Cluster "mycluster".
   .NOTES
       Author                                    : Carrie Yang
       Author email                              : yangm@vmware.com
@@ -637,18 +615,59 @@ Function Apply-TrustedClusterSettings {
      }
      if ($jsonObj.TrustedCluster.AttestationServiceInfo -ne $null) {
-         $attests = Get-AttestationServiceInfo | where {$($_.Name) -in $($jsonObj.TrustedCluster.AttestationServiceInfo)}
+         $attests = Get-AttestationServiceInfo -Server $greenvc | Where-Object {$($_.Name) -in $($jsonObj.TrustedCluster.AttestationServiceInfo)}
-         Add-TrustedClusterAttestationServiceInfo -TrustedCluster $TrustedCluster -AttestationServiceInfo $attests -Confirm:$false -Server $greenvc
+         $cmd = {Add-TrustedClusterAttestationServiceInfo -TrustedCluster $TrustedCluster -AttestationServiceInfo $attests -Confirm:$false -Server $greenvc -ErrorAction:Continue}
         LogAndRunCmdlet $cmd
      }
      if ($jsonObj.TrustedCluster.KeyProviderServiceInfo -ne $null) {
-         $kms = Get-KeyProviderServiceInfo | where {$($_.Name) -in $($jsonObj.TrustedCluster.KeyProviderServiceInfo)}
+         $kms = Get-KeyProviderServiceInfo -Server $greenvc | Where-Object {$($_.Name) -in $($jsonObj.TrustedCluster.KeyProviderServiceInfo)}
-         Add-TrustedClusterKeyProviderServiceInfo -TrustedCluster $TrustedCluster -KeyProviderServiceInfo $kms -Confirm:$false -Server $greenvc
+         $cmd = {Add-TrustedClusterKeyProviderServiceInfo -TrustedCluster $TrustedCluster -KeyProviderServiceInfo $kms -Confirm:$false -Server $greenvc -ErrorAction:Continue}
         LogAndRunCmdlet $cmd
      }
   }
 }
 Function LogAndRunCmdlet {
   [CmdLetBinding()]
   Param (
      [Parameter(Mandatory=$True)]
      [ScriptBlock] $CmdBlock
   )
   Process {
      Write-Host "Running cmdlet: $CmdBlock"
      & $CmdBlock
   }
 }
 Function CheckNewTrustAuthorityPrincipalResult {
   [CmdLetBinding()]
   Param (
      [Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)][AllowNull()]
      [VMware.VimAutomation.Security.Types.V1.TrustedInfrastructure.TrustAuthorityPrincipal] $TAPrincipal
   )
   Begin {
      $expectedCmdName = "NewTrustAuthorityPrincipal"
      $expectedError = "com.vmware.esx.authentication.trust.security_token_issuers.issuer_already_exists"
   }
   Process {
      $err = $Global:Error[0]
      if (($TAPrincipal -eq $null) -and ($($err.Exception.TargetSite.Name) -eq $expectedCmdName)) {
         if ($($err.Exception.InnerException) -match $expectedError) {
            Write-Error "Operation didn't complete successfully. This is a known issue. Refer to https://kb.vmware.com/s/article/77146 to recover the host, then rerun New-TrustAuthorityPrincipal cmdlet to create the TrustAuthorityPrincipal for the new host please."
         }
      } elseif ($TAPrincipal) {
         $TAPrincipal
      }
   }
 }
 Function Join-VMHost {
   Param (
@@ -660,12 +679,16 @@ Function Join-VMHost {
      [Parameter(Mandatory=$True)]
      [System.Management.Automation.Credential()]
-      $Credential
+      $Credential,
      [Parameter(Mandatory=$True)]
      [ValidateNotNullOrEmpty()]
      [String] $Server
   )
   Process {
      Write-Host "Adding new host $VMHostAddress to cluster $ClusterName..."
-      Add-VMHost -Name $VMHostAddress -Credential $Credential -Location $ClusterName -Force
+      Add-VMHost -Name $VMHostAddress -Credential $Credential -Location $ClusterName -Server $Server -Force
   }
 }
@@ -680,6 +703,7 @@ Function Remove-TrustedClusterSettings {
   Begin {
      $greenvc = GetViServer -clusterUid $TrustedCluster.Uid
      Write-Host "Removing the settings of TrustedCluster $($TrustedCluster.Name)..."
      $TrustedCluster = Get-TrustedCluster $TrustedCluster.Name -Server $greenvc
   }
   Process {
@@ -687,7 +711,7 @@ Function Remove-TrustedClusterSettings {
         Set-TrustedCluster -TrustedCluster $TrustedCluster -State Disabled -Server $greenvc -Confirm:$false
      } else {
         if ($TrustedCluster.KeyProviderServiceInfo -ne $null) {
-            Remove-TrustedClusterKeyProviderServiceInfo -TrustedCluster $TrustedCluster -KeyProviderServiceInfo $TrustedCluster.KeyProviderServiceInfo -Server $greenvc
+            Remove-TrustedClusterKeyProviderServiceInfo -TrustedCluster $TrustedCluster -KeyProviderServiceInfo $TrustedCluster.KeyProviderServiceInfo -Server $greenvc -Confirm:$false
         }
      }
   }
@@ -714,23 +738,50 @@ Function IsSelfSignedClientCertificate {
      $privateKeyNotSet = $False
      $kpNames = [System.Collections.ArrayList]@()
      if ($kp -ne $null) {
-         foreach ($k in $kp) {
+         $kp | Foreach-Object {
            $k = $_
            $clientCert = Get-TrustAuthorityKeyProviderClientCertificate -KeyProvider $k -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
            if ($clientCert -ne $null -and !($privateKey -ne $null -and $privateKey.ContainsKey($($k.Name)))) {
               $privateKeyNotSet = $True
-               $silent = $kpNames.Add($k.Name)
+               $kpNames.Add($k.Name) | Out-Null
            }
         }
      }
      if ($privateKeyNotSet) {
         $kpnameStr = [System.String]::join(",", $($kpNames))
-         Write-Warning "For self-signed client certificate, the cmdlet could not be able to establish the trust between the kmip servers and the keyprovider: ($kpnameStr).
+         Write-Warning "For self-signed client certificate, the cmdlet might not be able to establish the trust between the kmip servers and the keyprovider: ($kpnameStr). `nManually try to use followed cmdlets to establish the trust: `n 1. New-TrustAuthorityKeyProviderClientCertificate;`n 2. Get-TrustAuthorityKeyProviderClientCertificate; `n then make the certificate be signed in kmip servers." -WarningAction Inquire
                        Please manually use these followed cmdlets to establish the trust: New-TrustAuthorityKeyProviderClientCertificate, and Get-TrustAuthorityKeyProviderClientCertificate, then make the certificate be signed in kmip servers." -WarningAction Inquire
      }
   }
 }
 Function Is70AboveServer {
   Param (
      [Parameter(Mandatory=$True)]
      [ValidateNotNullOrEmpty()]
      [String] $VIServer
   )
   Process {
      if ([String]::IsNullOrWhiteSpace($VIServer)) {
         Throw "Please provide a valid vCenter Server!"
      }
      $SI = Get-View Serviceinstance -Server $VIServer
      $apiVersion = [System.Version]$($SI.Content.About.Version)
      $MajorVersion = $apiVersion.Major
      $MinorVersion = $apiVersion.Minor
      $buildNum = $apiVersion.Build
      if (($MajorVersion -lt 7) -or ($MajorVersion -eq 7 -And $MinorVersion -eq 0 -And $buildNum -eq 0)) {
         return $false
      }
      return $true
   }
 }
 Function Check-VMHostVersionAndLicense {
    [CmdLetBinding()]
@@ -743,7 +794,9 @@ Function Check-VMHostVersionAndLicense {
       $Credential,
       [Parameter(Mandatory=$True)]
-       [bool]$CheckLicense
+       [bool]$CheckLicense,
       [bool]$Allow70Above=$true
    )
    Begin {
@@ -759,9 +812,17 @@ Function Check-VMHostVersionAndLicense {
       $MajorVersion = $apiVersion.Major
       $MinorVersion = $apiVersion.Minor
       $buildNum = $apiVersion.Build
-       if ($MajorVersion -lt 7 -And $MinorVersion -ne 0 -And $buildNum -ne 0) {
+
-          Disconnect-VIServer -Server $server -confirm:$false
+       if (!$Allow70Above) {
-          Throw "VMHost of $apiVersion is not supported, only 7.0.0 is supported...`n"
+          if ($MajorVersion -ne 7 -or $MinorVersion -ne 0 -or $buildNum -ne 0) {
             Disconnect-VIServer -Server $server -confirm:$false
             Throw "VMHost of $apiVersion is not supported, only 7.0.0 is supported...`n"
          }
       } else {
          if ($MajorVersion -lt 7) {
             Disconnect-VIServer -Server $server -confirm:$false
             Throw "VMHost of $apiVersion is not supported, only 7.0.0 and above are supported...`n"
          }
       }
       # Check license
@@ -814,21 +875,22 @@ Function Check-TrustAuthorityClusterHealth {
       # Check TrustAuthorityPrincipal's healthy
       $principals = Get-TrustAuthorityPrincipal -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
-       foreach ($p in $principals) {
+       $principals | Foreach-Object {
-          if ($p.Health -ne 'Ok') {
+          if ($_.Health -ne 'Ok') {
             Throw "The TrustAuthorityPrincipal $($p.Name) is not healthy, please fix it first!"
          }
       }
       # Check TrustAuthorityKeyProvider's healthy
       $kp = Get-TrustAuthorityKeyProvider -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
-       foreach ($k in $kp) {
+       $kp | Foreach-Object {
          $k = $_
          if ($k.Status.Health -ne 'Ok') {
             Throw "TrustAuthorityKeyProvider $($k.Name) is not healthy, please fix it first!"
          }
-          foreach ($status in $k.Status.ServerStatus) {
+          $k.Status.ServerStatus | Foreach-Object {
-             if ($status.Health -ne 'Ok') {
+             if ($_.Health -ne 'Ok') {
                Throw "The ServerStatus $($status.Name) in TrustAuthorityKeyProvider $($k.Name) is not healthy, please fix it first!"
             }
          }
@@ -843,8 +905,8 @@ Function Check-TrustAuthorityClusterHealth {
       # Check tpm2Ek healthy
       $tpm2Eks = Get-TrustAuthorityTpm2EndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
       if ($tpm2Eks -ne $null) {
-          foreach ($ek in $tpm2Eks) {
+          $tpm2Eks | Foreach-Object {
-             if ($ek.Health -ne 'Ok') {
+             if ($_.Health -ne 'Ok') {
                Throw "TrustAuthorityTpm2EndorsementKey $($ek.Name) is not healthy, please fix it first!"
             }
          }
@@ -853,8 +915,8 @@ Function Check-TrustAuthorityClusterHealth {
       # Check tpm2CA healthy
       $tpm2cas = Get-TrustAuthorityTpm2CACertificate -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
       if ($tpm2cas -ne $null) {
-          foreach ($ca in $tpm2cas) {
+          $tpm2cas | Foreach-Object {
-             if ($ca.Health -ne 'Ok') {
+             if ($_.Health -ne 'Ok') {
                Throw "TrustAuthorityTpm2CACertificate $($ca.Name) is not healthy, please fix it first!"
             }
          }
@@ -863,8 +925,8 @@ Function Check-TrustAuthorityClusterHealth {
       # Check BaseImage healthy
       $baseImages = Get-TrustAuthorityVMHostBaseImage -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
       if ($baseImages -ne $null) {
-          foreach ($img in $baseImages) {
+          $baseImages | Foreach-Object {
-             if ($img.Health -ne 'Ok') {
+             if ($_.Health -ne 'Ok') {
                Throw "TrustAuthorityVMHostBaseImage $($img.Name) is not healthy, please fix it first!"
             }
          }
@@ -907,7 +969,7 @@ Function GetViServer {
   }
 }
-Function ConfirmIsVCenter{
+Function ConfirmIsVCenter {
   <#
    .SYNOPSIS
       This function confirms the connected VI server is vCenter Server.
@@ -946,11 +1008,11 @@ Function ConvertFrom-X509Chain {
   Process {
      $certStr = $null
-      foreach ($c in $($CertChain.ChainElements)) {
+      $($CertChain.ChainElements) | Foreach-Object {
         if ($certStr -eq $null) {
-            $certStr = [System.Convert]::ToBase64String($($c.Certificate.GetRawCertData()))
+            $certStr = [System.Convert]::ToBase64String($($_.Certificate.GetRawCertData()))
         } else {
-            $certStr = $certStr, [System.Convert]::ToBase64String($($c.Certificate.GetRawCertData()))
+            $certStr = $certStr, [System.Convert]::ToBase64String($($_.Certificate.GetRawCertData()))
         }
      }
@@ -965,18 +1027,18 @@ Function ConvertTo-X509Chain {
   )
   Process {
-      $chain = new-object System.Security.Cryptography.X509Certificates.X509Chain
+      $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
      if ($certString.Length -gt 0) {
         for ($i = 0; $i -lt $certString.Length - 1; $i++ ) {
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
            $cert.Import([System.Text.Encoding]::Default.GetBytes($certString[$i].replace("\n", [Environment]::NewLine)))
-            $silent = $chain.ChainPolicy.ExtraStore.Add($cert)
+            $chain.ChainPolicy.ExtraStore.Add($cert) | Out-Null
         }
      }
      $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
      $cert.Import([System.Text.Encoding]::Default.GetBytes($certString[-1].replace("\n", [Environment]::NewLine)))
-      $silent = $chain.Build($cert)
+      $chain.Build($cert) | Out-Null
      return $chain
   }
@@ -984,12 +1046,11 @@ Function ConvertTo-X509Chain {
 Export-ModuleMember Add-TrustAuthorityVMHost, Add-TrustedVMHost
 # SIG # Begin signature block
 # MIIi9AYJKoZIhvcNAQcCoIIi5TCCIuECAQExDzANBglghkgBZQMEAgEFADB5Bgor
 # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
-# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCwMEx3Ndpn/K5N
+# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDicYU2iA+clsiG
-# T9PigHlgbfEAXX20xwVouOnKKMD48KCCD8swggTMMIIDtKADAgECAhBdqtQcwalQ
+# VfuCJGR5GCDk63j+8YRckQvxLcD5yKCCD8swggTMMIIDtKADAgECAhBdqtQcwalQ
 # C13tonk09GI7MA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNVBAYTAlVTMR0wGwYDVQQK
 # ExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3Qg
 # TmV0d29yazEwMC4GA1UEAxMnU3ltYW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBT
@@ -1079,18 +1140,18 @@ Export-ModuleMember Add-TrustAuthorityVMHost, Add-TrustedVMHost
 # YW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBTaWduaW5nIENBAhBdqtQcwalQC13t
 # onk09GI7MA0GCWCGSAFlAwQCAQUAoIGWMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3
 # AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMCoGCisGAQQBgjcCAQwx
-# HDAaoRiAFmh0dHA6Ly93d3cudm13YXJlLmNvbS8wLwYJKoZIhvcNAQkEMSIEIL6r
+# HDAaoRiAFmh0dHA6Ly93d3cudm13YXJlLmNvbS8wLwYJKoZIhvcNAQkEMSIEIEIQ
-# SvvCSJpAoQz4YvtfQH11/WevM1ULBbGfNUE3j37RMA0GCSqGSIb3DQEBAQUABIIB
+# y4E7C63SmxSxEC+1DBchnh7DW24QhvnHyMjCEuJ+MA0GCSqGSIb3DQEBAQUABIIB
-# AKUHXKwZcvP2g8/l7dqWyaG7h4q/yJDxaWpk9r1mnUSw1MBR+0AOCm1mquTlpFVH
+# ADwK/sQPu5Vv+Jink4WM/Bf3CvrNgyfZD13TPDsMlt+tSEjghyHQ5/Xz4asgQuKB
-# ZD1KMQWtu1rJDz5A7XAm8/n6LpyqCCHcgMm+hiEjA8r02oTA8vMFch3OR6Z1/aad
+# CSUgh0bJDaDaz9FF1oY9VUHHsonuB4sVhMKevKbXsYVuvUU65tBZ0RN+74RP/3iS
-# tOBkeln18M9kVkQ//uociG89A2LkfE35UKAhnDVcOBNlU0g43n9vSgakNdOOc0ZI
+# rQAADQdIGuKBX1pmOmyE65A6pLWmJ+j05XCagPFboiXdiEcVxfCqRctK8MSyvtzd
-# VC2FD/tn9QPJXtcZ0LAFrCPuiIya+gvQ1aQCALUYi+aLuARNN01KBMRFG9za/JwX
+# HOa2miNTIPEPUTVvqo/9nZCUwFhNN8TwaaOwrkMZv0NOFGk9AaGyQJuHb/IP1y2r
-# L6rwInitQt/BRNDINiuuTI96xBEMq3JjzW9AE8jF1rVqr1ISBgf8ZZUHdnNHiE91
+# cgFGtWA+WgPKftWq1s9Evk7W3WXV/nlKu55zg8K/no2Ug6+7KE0jNGUJJHg/yp6b
-# HxLh4zvDq7SEh2ne6UhOJg6hghAjMIIQHwYKKwYBBAGCNwMDATGCEA8wghALBgkq
+# gO/kfYj4sIwd5RJvOkk45QChghAjMIIQHwYKKwYBBAGCNwMDATGCEA8wghALBgkq
 # hkiG9w0BBwKggg/8MIIP+AIBAzEPMA0GCWCGSAFlAwQCAQUAMIHmBgsqhkiG9w0B
-# CRABBKCB1gSB0zCB0AIBAQYJKwYBBAGgMgIDMDEwDQYJYIZIAWUDBAIBBQAEIII1
+# CRABBKCB1gSB0zCB0AIBAQYJKwYBBAGgMgIDMDEwDQYJYIZIAWUDBAIBBQAEIMSa
-# T46qC5Scv1JNpvu1aNNVzRq4lB1M9EZlbgeSsNYJAg4BbKiJKXgAAAAAAKUUzBgT
+# 32tGkSO0MHzDIAL+rOzowJzdf7nOyZAYmKBTXDbnAg4BbKiJKXgAAAAAAjyk+xgT
-# MjAyMDA0MDIxMDI5MTguNjc5WjADAgEBoGOkYTBfMQswCQYDVQQGEwJKUDEcMBoG
+# MjAyMDEwMTIxMDE3MTEuOTY0WjADAgEBoGOkYTBfMQswCQYDVQQGEwJKUDEcMBoG
 # A1UEChMTR01PIEdsb2JhbFNpZ24gSy5LLjEyMDAGA1UEAxMpR2xvYmFsU2lnbiBU
 # U0EgZm9yIEFkdmFuY2VkIC0gRzMgLSAwMDMtMDGgggxqMIIE6jCCA9KgAwIBAgIM
 # M5Agd2HEJt2UUAMNMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAkJFMRkwFwYD
@@ -1162,15 +1223,15 @@ Export-ModuleMember Add-TrustAuthorityVMHost, Add-TrustedVMHost
 # ggKFAgEBMGswWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt
 # c2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMjU2
 # IC0gRzICDDOQIHdhxCbdlFADDTANBglghkgBZQMEAgEFAKCB8DAaBgkqhkiG9w0B
-# CQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIA4jXM836yg3wGdHIpch
+# CQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIJ1Mp8MoZoM8GN+RvFGW
-# UiliyMiFAI2ifPJZqDcXgJ1ZMIGgBgsqhkiG9w0BCRACDDGBkDCBjTCBijCBhwQU
+# kxLQOL4htvdgNS1G5j3jevwAMIGgBgsqhkiG9w0BCRACDDGBkDCBjTCBijCBhwQU
 # rmsC2QsljAmRsRYSid62aVY5HW8wbzBfpF0wWzELMAkGA1UEBhMCQkUxGTAXBgNV
 # BAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0
 # YW1waW5nIENBIC0gU0hBMjU2IC0gRzICDDOQIHdhxCbdlFADDTANBgkqhkiG9w0B
-# AQEFAASCAQB89B/P9T38HdPsMvwHePaxCuxvcVOb0tWYORy4h/6961Hr8+uJi3g8
+# AQEFAASCAQCw0o79lMBljtr86gcDxeF2/v1wLaLJaxTvwLJ3bYLabHR5wZUv42aO
-# oPQl5tMvsUObcO+hMG8YyXfRpQRr5YrHeWpUGdQzMMHb+gC540P+r3jm6iWoKtpR
+# 3KEMzeIvLN9/mMSn7rq6vcWGZSAZVvWecDntZE9OYU7i4cQdRucXctFGpoTN6MKF
-# 1WGSnQQUqKaB7a4wZtQoizzSm9a7hB4JEcDtb2Qh2jmSr4yhMx7XmFMLo7NVlEnW
+# yeX3vMbe7YfBPGJkNB6HfYp4qWy6CkWWlWXgK1MOKo+HQFORkZtDqqpoUa3soqVl
-# lS6kTYR9kE4qTagRIOZW5iIUjcAaVn/uhNAOZUjatErU8c/a8vJ7TxtPj4YSaK0J
+# IeCMCcJjJIrSd3LA8NFYtOUfPXRmdhcn10xke3vTBO4T7pTLdymcm3x909UN+0cE
-# IeC+HeUYNRrjwtSgmnU+j/xg1Jo9zUoCGJHBIEJ9iwzgCeRLJuqHKUZiAGBZm09F
+# xIe2wMG3D3XxSN+Rx5+iz9thPISgVdOgJLP4FxQ5fU1ci56k35wXQeDnHQFyQTO+
-# EzycbyZmxfS5ui4MX5wSMdO1ETnvkbRc
+# uF+EWBmAiBQ6cGTiYvDOZSG2Ody3NSPn
 # SIG # End signature block
--- a/Modules/VMware.VMC.NSXT/VMware.VMC.NSXT.psd1
+++ b/Modules/VMware.VMC.NSXT/VMware.VMC.NSXT.psd1
@@ -1,3 +1,8 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 #
 # Module manifest for module 'VMware.VMC.NSXT'
 #
--- a/Modules/VMware.VMC.NSXT/VMware.VMC.NSXT.psm1
+++ b/Modules/VMware.VMC.NSXT/VMware.VMC.NSXT.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Connect-NSXTProxy {
 <#
    .NOTES
@@ -83,13 +87,14 @@ Function Get-NSXTSegment {
    If (-Not $global:nsxtProxyConnection) { Write-error "No NSX-T Proxy Connection found, please use Connect-NSXTProxy" } Else {
        $method = "GET"
-        $segmentsURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/tier-1s/cgw/segments"
+        $segmentsURL = $global:nsxtProxyConnection.Server + "/policy/api/v1/infra/tier-1s/cgw/segments?page_size=100"
        if($Troubleshoot) {
            Write-Host -ForegroundColor cyan "`n[DEBUG] - $METHOD`n$segmentsURL`n"
        }
        try {
            Write-Host "Retrieving NSX-T Segments ..."
            if($PSVersionTable.PSEdition -eq "Core") {
                $requests = Invoke-WebRequest -Uri $segmentsURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
            } else {
@@ -107,14 +112,53 @@ Function Get-NSXTSegment {
        }
        if($requests.StatusCode -eq 200) {
-            $segments = ($requests.Content | ConvertFrom-Json).results
+            $baseSegmentsURL = $segmentsURL
            $totalSegmentCount = ($requests.Content | ConvertFrom-Json).result_count
            if($Troubleshoot) {
                Write-Host -ForegroundColor cyan "`n[DEBUG] totalSegmentCount = $totalSegmentCount"
            }
            $totalSegments = ($requests.Content | ConvertFrom-Json).results
            $seenSegments = $totalSegments.count
            if($Troubleshoot) {
                Write-Host -ForegroundColor cyan "`n[DEBUG] $segmentsURL (currentCount = $seenSegments)"
            }
            while ( $seenSegments -lt $totalSegmentCount) {
                $segmentsURL = $baseSegmentsURL + "&cursor=$(($requests.Content | ConvertFrom-Json).cursor)"
                try {
                    if($PSVersionTable.PSEdition -eq "Core") {
                        $requests = Invoke-WebRequest -Uri $segmentsURL -Method $method -Headers $global:nsxtProxyConnection.headers -SkipCertificateCheck
                    } else {
                        $requests = Invoke-WebRequest -Uri $segmentsURL -Method $method -Headers $global:nsxtProxyConnection.headers
                    }
                } catch {
                    if($_.Exception.Response.StatusCode -eq "Unauthorized") {
                        Write-Host -ForegroundColor Red "`nThe NSX-T Proxy session is no longer valid, please re-run the Connect-NSXTProxy cmdlet to retrieve a new token`n"
                        break
                    } else {
                        Write-Error "Error in retrieving NSX-T Segments"
                        Write-Error "`n($_.Exception.Message)`n"
                        break
                    }
                }
                $segments = ($requests.Content | ConvertFrom-Json).results
                $totalSegments += $segments
                $seenSegments += $segments.count
                if($Troubleshoot) {
                    Write-Host -ForegroundColor cyan "`n[DEBUG] $segmentsURL (currentCount = $seenSegments)"
                }
            }
            if ($PSBoundParameters.ContainsKey("Name")){
-                $segments = $segments | where {$_.display_name -eq $Name}
+                $totalSegments = $totalSegments | where {$_.display_name -eq $Name}
            }
            $results = @()
-            foreach ($segment in $segments) {
+            foreach ($segment in $totalSegments) {
                $subnets = $segment.subnets
                $network = $subnets.network
@@ -877,7 +921,7 @@ Function New-NSXTGroup {
        [Parameter(Mandatory=$true, ParameterSetName='IPAddress')][String[]]$IPAddress,
        [Parameter(Mandatory=$true, ParameterSetName='Tag')][String]$Tag,
        [Parameter(Mandatory=$true, ParameterSetName='VmName')][String]$VmName,
-        [Parameter(Mandatory=$true, ParameterSetName='VmName')][ValidateSet('CONTAINS','STARTSWITH')][String]$Operator,
+        [Parameter(Mandatory=$true, ParameterSetName='VmName')][ValidateSet('CONTAINS','STARTSWITH','EQUALS')][String]$Operator,
        [Switch]$Troubleshoot
    )
--- a/Modules/VMware.VMC/VMware.VMC.psd1
+++ b/Modules/VMware.VMC/VMware.VMC.psd1
--- a/Modules/VMware.VMC/VMware.VMC.psm1
+++ b/Modules/VMware.VMC/VMware.VMC.psm1
@@ -1,3 +1,7 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Get-VMCCommand {
 <#
    .NOTES
--- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1
+++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1
@@ -1,3 +1,8 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 #
 # Module manifest for module 'VMware.VMEncryption'
 #
--- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1
+++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1
@@ -1,3 +1,8 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 # Script Module : VMware.VMEncryption
 # Version       : 1.2
@@ -1264,7 +1269,7 @@ Function Get-EntityByCryptoKey {
       $VMList += $VMs|Where {$_.EncryptionKeyId|MatchKeys -KeyId $keyId -KMSClusterId $KMSClusterId}
       $VMList += $VMDiskList.Parent
-       $VMList = $VMList|sort|Get-Unique
+       $VMList = $VMList|sort-object|Get-Unique
       $Entities.VMList = $VMList
    }
--- a/Modules/VMware.VsanEncryption/VMware.VsanEncryption.psd1
+++ b/Modules/VMware.VsanEncryption/VMware.VsanEncryption.psd1
--- a/Modules/VMware.VsanEncryption/VMware.VsanEncryption.psm1
+++ b/Modules/VMware.VsanEncryption/VMware.VsanEncryption.psm1
@@ -1,3 +1,8 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 # Script Module : VMware.VsanEncryption
 # Version       : 1.0
 # Author        : Jase McCarty, VMware Storage & Availability Business Unit
--- a/Modules/VMware.WorkloadManagement/VMware.WorkloadManagement.psd1
+++ b/Modules/VMware.WorkloadManagement/VMware.WorkloadManagement.psd1
@@ -0,0 +1,95 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 #
 # Module manifest for module 'VMware.WorkloadManagement'
 #
 # Generated by: wlam@vmware.com
 #
 # Generated on: 05/19/20
 #
@{
 # Script module or binary module file associated with this manifest.
 RootModule = 'VMware.WorkloadManagement.psm1'
 # Version number of this module.
 ModuleVersion = '1.0.0'
 # Supported PSEditions
 # CompatiblePSEditions = @()
 # ID used to uniquely identify this module
 GUID = 'VMware.WorkloadManagement'
 # Author of this module
 Author = 'William Lam'
 # Company or vendor of this module
 CompanyName = 'VMware'
 # Copyright statement for this module
 Copyright = '(c) 2020 VMware. All rights reserved.'
 # Description of the functionality provided by this module
 Description = 'PowerShell Module for vSphere with Kubernetes Workload Management'
 # Minimum version of the Windows PowerShell engine required by this module
 PowerShellVersion = '6.0'
 # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
 FunctionsToExport = 'New-WorkloadManagement','Get-WorkloadManagement','Remove-WorkloadManagement'
 # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
 CmdletsToExport = @()
 # Variables to export from this module
 VariablesToExport = '*'
 # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
 AliasesToExport = @()
 # DSC resources to export from this module
 # DscResourcesToExport = @()
 # List of all modules packaged with this module
 # ModuleList = @()
 # List of all files packaged with this module
 # FileList = @()
 # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
 PrivateData = @{
    PSData = @{
        # Tags applied to this module. These help with module discovery in online galleries.
        # Tags = @()
        # A URL to the license for this module.
        # LicenseUri = ''
        # A URL to the main website for this project.
        # ProjectUri = ''
        # A URL to an icon representing this module.
        # IconUri = ''
        # ReleaseNotes of this module
        # ReleaseNotes = ''
    } # End of PSData hashtable
 } # End of PrivateData hashtable
 # HelpInfo URI of this module
 # HelpInfoURI = ''
 # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
 # DefaultCommandPrefix = ''
 }
--- a/Modules/VMware.WorkloadManagement/VMware.WorkloadManagement.psm1
+++ b/Modules/VMware.WorkloadManagement/VMware.WorkloadManagement.psm1
@@ -0,0 +1,360 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function New-WorkloadManagement {
    <#
        .NOTES
        ===========================================================================
        Created by:    William Lam
        Date:          05/19/2020
        Organization:  VMware
        Blog:          http://www.virtuallyghetto.com
        Twitter:       @lamw
        ===========================================================================
        .SYNOPSIS
            Enable Workload Management on vSphere 7 Cluster
        .DESCRIPTION
            Enable Workload Management on vSphere 7 Cluster
        .PARAMETER ClusterName
            Name of vSphere Cluster to enable Workload Management
        .PARAMETER ControlPlaneSize
            Size of Control Plane VMs (TINY, SMALL, MEDIUM, LARGE)
        .PARAMETER MgmtNetwork
            Management Network for Control Plane VMs
        .PARAMETER MgmtNetworkStartIP
            Starting IP Address for Control Plane VMs (5 consecutive free addresses)
        .PARAMETER MgmtNetworkSubnet
            Netmask for Management Network
        .PARAMETER MgmtNetworkGateway
            Gateway for Management Network
        .PARAMETER MgmtNetworkDNS
            DNS Server(s) to use for Management Network
        .PARAMETER MgmtNetworkDNSDomain
            DNS Domain(s)
        .PARAMETER MgmtNetworkNTP
            NTP Server(s)
        .PARAMETER WorkloadNetworkVDS
            Name of vSphere 7 Distributed Virtual Switch (VDS) configured with NSX-T
        .PARAMETER WorkloadNetworkEdgeCluster
            Name of NSX-T Edge Cluster
        .PARAMETER WorkloadNetworkDNS
            DNS Server(s) to use for Workloads
        .PARAMETER WorkloadNetworkPodCIDR
            K8s POD CIDR (default: 10.244.0.0/21)
        .PARAMETER WorkloadNetworkServiceCIDR
            K8S Service CIDR (default: 10.96.0.0/24)
        .PARAMETER WorkloadNetworkIngressCIDR
            CIDR for Workload Ingress (recommend /27 or larger)
        .PARAMETER WorkloadNetworkEgressCIDR
            CIDR for Workload Egress (recommend /27 or larger)
        .PARAMETER ControlPlaneStoragePolicy
            Name of VM Storage Policy to use for Control Plane VMs
        .PARAMETER EphemeralDiskStoragePolicy
            Name of VM Storage Policy to use for Ephemeral Disk
        .PARAMETER ImageCacheStoragePolicy
            Name of VM Storage Policy to use for Image Cache
        .PARAMETER LoginBanner
            Login message to show during kubectl login
        .EXAMPLE
            New-WorkloadManagement `
                -ClusterName "Workload-Cluster" `
                -ControlPlaneSize TINY `
                -MgmtNetwork "DVPG-Management Network" `
                -MgmtNetworkStartIP "172.17.36.51" `
                -MgmtNetworkSubnet "255.255.255.0" `
                -MgmtNetworkGateway "172.17.36.253" `
                -MgmtNetworkDNS "172.17.31.5" `
                -MgmtNetworkDNSDomain "cpub.corp" `
                -MgmtNetworkNTP "5.199.135.170" `
                -WorkloadNetworkVDS "Pacific-VDS" `
                -WorkloadNetworkEdgeCluster "Edge-Cluster-01" `
                -WorkloadNetworkDNS "172.17.31.5" `
                -WorkloadNetworkIngressCIDR "172.17.36.64/27" `
                -WorkloadNetworkEgressCIDR "172.17.36.96/27" `
                -ControlPlaneStoragePolicy "pacific-gold-storage-policy" `
                -EphemeralDiskStoragePolicy "pacific-gold-storage-policy" `
                -ImageCacheStoragePolicy "pacific-gold-storage-policy"
    #>
    Param (
        [Parameter(Mandatory=$True)]$ClusterName,
        [Parameter(Mandatory=$True)][ValidateSet("TINY","SMALL","MEDIUM","LARGE")][string]$ControlPlaneSize,
        [Parameter(Mandatory=$True)]$MgmtNetwork,
        [Parameter(Mandatory=$True)]$MgmtNetworkStartIP,
        [Parameter(Mandatory=$True)]$MgmtNetworkSubnet,
        [Parameter(Mandatory=$True)]$MgmtNetworkGateway,
        [Parameter(Mandatory=$True)][string[]]$MgmtNetworkDNS,
        [Parameter(Mandatory=$True)][string[]]$MgmtNetworkDNSDomain,
        [Parameter(Mandatory=$True)][string[]]$MgmtNetworkNTP,
        [Parameter(Mandatory=$True)]$WorkloadNetworkVDS,
        [Parameter(Mandatory=$True)]$WorkloadNetworkEdgeCluster,
        [Parameter(Mandatory=$True)][string[]]$WorkloadNetworkDNS,
        [Parameter(Mandatory=$False)]$WorkloadNetworkPodCIDR="10.244.0.0/21",
        [Parameter(Mandatory=$False)]$WorkloadNetworkServiceCIDR="10.96.0.0/24",
        [Parameter(Mandatory=$True)]$WorkloadNetworkIngressCIDR,
        [Parameter(Mandatory=$True)]$WorkloadNetworkEgressCIDR,
        [Parameter(Mandatory=$True)]$ControlPlaneStoragePolicy,
        [Parameter(Mandatory=$True)]$EphemeralDiskStoragePolicy,
        [Parameter(Mandatory=$True)]$ImageCacheStoragePolicy,
        [Parameter(Mandatory=$False)]$LoginBanner
    )
    If (-Not $global:DefaultCisServers) { Write-error "No CiS Connection found, please use Connect-CisServer`n" } Else {
        # Management Network Moref
        $networkService = Get-CisService "com.vmware.vcenter.network"
        $networkFilterSpec = $networkService.help.list.filter.Create()
        $networkFilterSpec.names = @("$MgmtNetwork")
        $mgmtNetworkMoRef = $networkService.list($networkFilterSpec).network.Value
        if ($mgmtNetworkMoRef -eq $NULL) {
            Write-Host -ForegroundColor Red "Unable to find vSphere Cluster ${MgmtNetwork}"
            break
        }
        # Cluster Moref
        $clusterService = Get-CisService "com.vmware.vcenter.cluster"
        $clusterFilterSpec = $clusterService.help.list.filter.Create()
        $clusterFilterSpec.names = @("$ClusterName")
        $clusterMoRef = $clusterService.list($clusterFilterSpec).cluster.Value
        if ($clusterMoRef -eq $NULL) {
            Write-Host -ForegroundColor Red "Unable to find vSphere Cluster ${ClusterName}"
            break
        }
        # VDS MoRef
        $vdsCompatService = Get-CisService "com.vmware.vcenter.namespace_management.distributed_switch_compatibility"
        $vdsMoRef = ($vdsCompatService.list($clusterMoref)).distributed_switch.Value
        if ($vdsMoRef -eq $NULL) {
            Write-Host -ForegroundColor Red "Unable to find VDS ${WorkloadNetworkVDS}"
            break
        }
        # NSX-T Edge Cluster
        $edgeClusterService = Get-CisService "com.vmware.vcenter.namespace_management.edge_cluster_compatibility"
        $edgeClusterMoRef = ($edgeClusterService.list($clusterMoref,$vdsMoRef)).edge_cluster.Value
        if ($edgeClusterMoRef -eq $NULL) {
            Write-Host -ForegroundColor Red "Unable to find NSX-T Edge Cluster ${WorkloadNetworkEdgeCluster}"
            break
        }
        # VM Storage Policy MoRef
        $storagePolicyService = Get-CisService "com.vmware.vcenter.storage.policies"
        $sps= $storagePolicyService.list()
        $cpSP = ($sps | where {$_.name -eq $ControlPlaneStoragePolicy}).Policy.Value
        $edSP = ($sps | where {$_.name -eq $EphemeralDiskStoragePolicy}).Policy.Value
        $icSP = ($sps | where {$_.name -eq $ImageCacheStoragePolicy}).Policy.Value
        if ($cpSP -eq $NULL) {
            Write-Host -ForegroundColor Red "Unable to find VM Storage Policy ${ControlPlaneStoragePolicy}"
            break
        }
        if ($edSP -eq $NULL) {
            Write-Host -ForegroundColor Red "Unable to find VM Storage Policy ${EphemeralDiskStoragePolicy}"
            break
        }
        if ($icSP -eq $NULL) {
            Write-Host -ForegroundColor Red "Unable to find VM Storage Policy ${ImageCacheStoragePolicy}"
            break
        }
        $nsmClusterService = Get-CisService "com.vmware.vcenter.namespace_management.clusters"
        $spec = $nsmClusterService.help.enable.spec.Create()
        $spec.size_hint = $ControlPlaneSize
        $spec.network_provider = "NSXT_CONTAINER_PLUGIN"
        $mgmtNetworkSpec = $nsmClusterService.help.enable.spec.master_management_network.Create()
        $mgmtNetworkSpec.mode = "STATICRANGE"
        $mgmtNetworkSpec.network =  $mgmtNetworkMoRef
        $mgmtNetworkSpec.address_range.starting_address = $MgmtNetworkStartIP
        $mgmtNetworkSpec.address_range.address_count = 5
        $mgmtNetworkSpec.address_range.subnet_mask = $MgmtNetworkSubnet
        $mgmtNetworkSpec.address_range.gateway = $MgmtNetworkGateway
        $spec.master_management_network = $mgmtNetworkSpec
        $spec.master_DNS = $MgmtNetworkDNS
        $spec.master_DNS_search_domains = $MgmtNetworkDNSDomain
        $spec.master_NTP_servers = $MgmtNetworkNTP
        $spec.ncp_cluster_network_spec.cluster_distributed_switch = $vdsMoRef
        $spec.ncp_cluster_network_spec.nsx_edge_cluster = $edgeClusterMoRef
        $spec.worker_DNS = $WorkloadNetworkDNS
        $serviceCidrSpec = $nsmClusterService.help.enable.spec.service_cidr.Create()
        $serviceAddress,$servicePrefix = $WorkloadNetworkServiceCIDR.split("/")
        $serviceCidrSpec.address = $serviceAddress
        $serviceCidrSpec.prefix = $servicePrefix
        $spec.service_cidr = $serviceCidrSpec
        $podCidrSpec = $nsmClusterService.help.enable.spec.ncp_cluster_network_spec.pod_cidrs.Element.Create()
        $podAddress,$podPrefix = $WorkloadNetworkPodCIDR.split("/")
        $podCidrSpec.address = $podAddress
        $podCidrSpec.prefix = $podPrefix
        $spec.ncp_cluster_network_spec.pod_cidrs = @($podCidrSpec)
        $egressCidrSpec = $nsmClusterService.help.enable.spec.ncp_cluster_network_spec.egress_cidrs.Element.Create()
        $egressAddress,$egressPrefix = $WorkloadNetworkEgressCIDR.split("/")
        $egressCidrSpec.address = $egressAddress
        $egressCidrSpec.prefix = $egressPrefix
        $spec.ncp_cluster_network_spec.egress_cidrs = @($egressCidrSpec)
        $ingressCidrSpec = $nsmClusterService.help.enable.spec.ncp_cluster_network_spec.ingress_cidrs.Element.Create()
        $ingressAddress,$ingressPrefix = $WorkloadNetworkIngressCIDR.split("/")
        $ingressCidrSpec.address = $ingressAddress
        $ingressCidrSpec.prefix = $ingressPrefix
        $spec.ncp_cluster_network_spec.ingress_cidrs = @($ingressCidrSpec)
        $spec.master_storage_policy = $cpSP
        $spec.ephemeral_storage_policy = $edSP
        $imagePolicySpec = $nsmClusterService.help.enable.spec.image_storage.Create()
        $imagePolicySpec.storage_policy = $icSP
        $spec.image_storage = $imagePolicySpec
        if($LoginBanner -eq $NULL) {
            $LoginBanner = "
            " + [char]::ConvertFromUtf32(0x1F973) + "vSphere with Kubernetes Cluster enabled by virtuallyGhetto " + [char]::ConvertFromUtf32(0x1F973) + "
 "
        }
        $spec.login_banner = $LoginBanner
        try {
            Write-Host -Foreground Green "`nEnabling Workload Management on vSphere Cluster ${ClusterName} ..."
            $nsmClusterService.enable($clusterMoRef,$spec)
        } catch {
            Write-Error "Error in attempting to enable Workload Management on vSphere Cluster ${ClusterName}"
            Write-Error "`n($_.Exception.Message)`n"
            break
        }
        Write-Host -Foreground Green "Please refer to the Workload Management UI in vCenter Server to monitor the progress of this operation"
    }
 }
 Function Get-WorkloadManagement {
    <#
        .NOTES
        ===========================================================================
        Created by:    William Lam
        Date:          05/19/2020
        Organization:  VMware
        Blog:          http://www.virtuallyghetto.com
        Twitter:       @lamw
        ===========================================================================
        .SYNOPSIS
            Retrieve all Workload Management Clusters
        .DESCRIPTION
            Retrieve all Workload Management Clusters
        .PARAMETER Stats
            Output additional stats pertaining to CPU, Memory and Storage
        .EXAMPLE
            Get-WorkloadManagement
        .EXAMPLE
            Get-WorkloadManagement -Stats
    #>
    Param (
        [Switch]$Stats
    )
    If (-Not $global:DefaultCisServers) { Write-error "No CiS Connection found, please use Connect-CisServer`n" } Else {
        If (-Not $global:DefaultVIServers) { Write-error "No VI Connection found, please use Connect-VIServer`n" } Else {
            $nssClusterService = Get-CisService "com.vmware.vcenter.namespace_management.software.clusters"
            $nsInstanceService = Get-CisService "com.vmware.vcenter.namespaces.instances"
            $nsmClusterService = Get-CisService "com.vmware.vcenter.namespace_management.clusters"
            $wlClusters = $nsmClusterService.list()
            $results = @()
            foreach ($wlCluster in $wlClusters) {
                $workloadClusterId = $wlCluster.cluster
                $vSphereCluster = Get-Cluster | where {$_.id -eq "ClusterComputeResource-${workloadClusterId}"}
                $workloadCluster = $nsmClusterService.get($workloadClusterId)
                $nsCount = ($nsInstanceService.list() | where {$_.cluster -eq $workloadClusterId}).count
                $hostCount = ($vSphereCluster.ExtensionData.Host).count
                if($workloadCluster.kubernetes_status -ne "ERROR") {
                $k8sVersion = $nssClusterService.get($workloadClusterId).current_version
                } else { $k8sVersion = "UNKNOWN" }
                $tmp = [pscustomobject] @{
                    NAME = $vSphereCluster.name;
                    NAMESPACES = $nsCount;
                    HOSTS = $hostCount;
                    CONTROL_PLANE_IP = $workloadCluster.api_server_cluster_endpoint;
                    CLUSTER_STATUS = $workloadCluster.config_status;
                    K8S_STATUS = $workloadCluster.kubernetes_status;
                    VERSION = $k8sVersion;
                }
                if($Stats) {
                    $tmp | Add-Member -NotePropertyName CPU_CAPACITY -NotePropertyValue $workloadCluster.stat_summary.cpu_capacity
                    $tmp | Add-Member -NotePropertyName MEM_CAPACITY -NotePropertyValue $workloadCluster.stat_summary.memory_capacity
                    $tmp | Add-Member -NotePropertyName STORAGE_CAPACITY -NotePropertyValue $workloadCluster.stat_summary.storage_capacity
                    $tmp | Add-Member -NotePropertyName CPU_USED -NotePropertyValue $workloadCluster.stat_summary.cpu_used
                    $tmp | Add-Member -NotePropertyName MEM_USED -NotePropertyValue $workloadCluster.stat_summary.memory_used
                    $tmp | Add-Member -NotePropertyName STORAGE_USED -NotePropertyValue $workloadCluster.stat_summary.storage_used
                }
                $results+=$tmp
            }
            $results
        }
    }
 }
 Function Remove-WorkloadManagement {
    <#
        .NOTES
        ===========================================================================
        Created by:    William Lam
        Date:          05/19/2020
        Organization:  VMware
        Blog:          http://www.virtuallyghetto.com
        Twitter:       @lamw
        ===========================================================================
        .SYNOPSIS
            Disable Workload Management on vSphere Cluster
        .DESCRIPTION
            Disable Workload Management on vSphere Cluster
        .PARAMETER ClusterName
            Name of vSphere Cluster to disable Workload Management
        .EXAMPLE
            Remove-WorkloadManagement -ClusterName "Workload-Cluster"
    #>
    Param (
        [Parameter(Mandatory=$True)]$ClusterName
    )
    If (-Not $global:DefaultCisServers) { Write-error "No CiS Connection found, please use Connect-CisServer`n" } Else {
        $vSphereCluster = Get-Cluster | where {$_.Name -eq $ClusterName}
        if($vSphereCluster -eq $null) {
            Write-Host -ForegroundColor Red "Unable to find vSphere Cluster ${ClusterName}"
            break
        }
        $vSphereClusterID = ($vSphereCluster.id).replace("ClusterComputeResource-","")
        $nsmClusterService = Get-CisService "com.vmware.vcenter.namespace_management.clusters"
        $workloadClusterID = ($nsmClusterService.list() | where {$_.cluster -eq $vSphereClusterID}).cluster.Value
        if($workloadClusterID -eq $null) {
            Write-Host -ForegroundColor Red "Unable to find Workload Management Cluster ${ClusterName}"
            break
        }
        try {
            Write-Host -Foreground Green "`nDisabling Workload Management on vSphere Cluster ${ClusterName} ..."
            $nsmClusterService.disable($workloadClusterID)
        } catch {
            Write-Error "Error in attempting to disable Workload Management on vSphere Cluster ${ClusterName}"
            Write-Error "`n($_.Exception.Message)`n"
            break
        }
        Write-Host -Foreground Green "Please refer to the Workload Management UI in vCenter Server to monitor the progress of this operation"
    }
 }
--- a/Modules/VMware.WorkspaceOneAccess/VMware.WorkspaceOneAccess.psd1
+++ b/Modules/VMware.WorkspaceOneAccess/VMware.WorkspaceOneAccess.psd1
@@ -1,3 +1,8 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 #
 # Module manifest for module 'VMware.HCX'
 #
--- a/Modules/VMware.WorkspaceOneAccess/VMware.WorkspaceOneAccess.psm1
+++ b/Modules/VMware.WorkspaceOneAccess/VMware.WorkspaceOneAccess.psm1
@@ -1,3 +1,8 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 Function Connect-WorkspaceOneAccess {
 <#
    .NOTES
--- a/Modules/VMware.vSphere.SsoAdmin/AuthenticationPolicy.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/AuthenticationPolicy.ps1
@@ -0,0 +1,329 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Get-SsoAuthenticationPolicy {
    <#
    .NOTES
       ===========================================================================
       Created on:   	7/28/2021
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
    .SYNOPSIS
    Gets Authentication Policy
    .DESCRIPTION
    Gets Authentication Policy.
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
    .EXAMPLE
    Get-SsoAuthenticationPolicy
    Gets the Authentication Policy for the connected servers
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($null -ne $Server) {
            $serversToProcess = $Server
        }
        foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
                Write-Error "Server $connection is disconnected"
                continue
            }
            # Output is the result of 'GetAuthenticationPolicy'
            try {
                $connection.Client.GetAuthenticationPolicy()
            }
            catch {
                Write-Error (FormatError $_.Exception)
            }
        }
    }
 }
 function Set-SsoAuthenticationPolicy {
    <#
    .NOTES
       ===========================================================================
       Created on:   	7/28/2021
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
    .SYNOPSIS
    Updates Authentication Policy
    .DESCRIPTION
    Updates Authentication Policy settings
    .PARAMETER AuthenticationPolicy
    An AuthenticationPolicy to update retrieved from  Set-SsoAuthenticationPolicy cmdlet
    .PARAMETER PasswordAuthnEnabled
    Enables or disables Password Authentication
    .PARAMETER WindowsAuthnEnabled
    Enables or disables Windows Authentication
    .PARAMETER SmartCardAuthnEnabled
    Enables or disables Smart Card Authentication
    .PARAMETER CRLCacheSize
    Specifies CRL Cache size
    .PARAMETER CRLUrl
    Specifies CRL Url
    .PARAMETER OCSPEnabled
    Enables or disables OCSP
    .PARAMETER OCSPResponderSigningCert
    OCSP Responder Signing Certificate
    .PARAMETER OCSPUrl
    .PARAMETER OIDs
    .PARAMETER SendOCSPNonce
    .PARAMETER TrustedCAs
    .PARAMETER UseCRLAsFailOver,
    .PARAMETER UseInCertCRL
    .EXAMPLE
    $myServer = Connect-SsoAdminServer -Server MyServer -User myUser -Password myPassword
    Get-SsoAuthenticationPolicy -Server $myServer | Set-SsoAuthenticationPolicy -SmartCardAuthnEnabled $true
    Enables SmartCard Authnetication on server $myServer
    #>
    [CmdletBinding(ConfirmImpact = 'Medium')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'AuthenticationPolicy object to update')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.AuthenticationPolicy]
        $AuthenticationPolicy,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Enables or disables Password Authentication')]
        [bool]
        $PasswordAuthnEnabled,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Enables or disables Windows Authentication')]
        [bool]
        $WindowsAuthnEnabled,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Enables or disables Smart Card Authentication')]
        [bool]
        $SmartCardAuthnEnabled,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'CRL Cache size')]
        [int]
        $CRLCacheSize,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'CRL Url')]
        [string]
        $CRLUrl,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Enables or disables OCSP')]
        [bool]
        $OCSPEnabled,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'OCSP Responder Signing Certificate')]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]
        $OCSPResponderSigningCert,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'OCSP Url')]
        [string]
        $OCSPUrl,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'OIDs')]
        [string[]]
        $OIDs,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Enables or disables seinding OCSP Nonce')]
        [bool]
        $SendOCSPNonce,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'List of trusted CAs')]
        [string[]]
        $TrustedCAs,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Specifies whether to use CRL fail over')]
        [bool]
        $UseCRLAsFailOver,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Specifiеs whether to use CRL from certificate')]
        [bool]
        $UseInCertCRL)
    Process {
        try {
            foreach ($a in $AuthenticationPolicy) {
                $ssoAdminClient = $a.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$a' is from disconnected server"
                    continue
                }
                if (-not $PSBoundParameters.ContainsKey('PasswordAuthnEnabled')) {
                    $PasswordAuthnEnabled = $a.PasswordAuthnEnabled
                }
                if (-not $PSBoundParameters.ContainsKey('WindowsAuthnEnabled')) {
                    $WindowsAuthnEnabled = $a.WindowsAuthnEnabled
                }
                if (-not $PSBoundParameters.ContainsKey('SmartCardAuthnEnabled')) {
                    $SmartCardAuthnEnabled = $a.SmartCardAuthnEnabled
                }
                if (-not $PSBoundParameters.ContainsKey('CRLCacheSize')) {
                    $CRLCacheSize = $a.CRLCacheSize
                }
                if (-not $PSBoundParameters.ContainsKey('CRLUrl')) {
                    $CRLUrl = $a.CRLUrl
                }
                if (-not $PSBoundParameters.ContainsKey('OCSPEnabled')) {
                    $OCSPEnabled = $a.OCSPEnabled
                }
                if (-not $PSBoundParameters.ContainsKey('OCSPResponderSigningCert')) {
                    $OCSPResponderSigningCert = $a.OCSPResponderSigningCert
                }
                if (-not $PSBoundParameters.ContainsKey('OCSPUrl')) {
                    $OCSPUrl = $a.OCSPUrl
                }
                if (-not $PSBoundParameters.ContainsKey('OIDs')) {
                    $OIDs = $a.OIDs
                }
                if (-not $PSBoundParameters.ContainsKey('SendOCSPNonce')) {
                    $SendOCSPNonce = $a.SendOCSPNonce
                }
                if (-not $PSBoundParameters.ContainsKey('TrustedCAs')) {
                    $TrustedCAs = $a.TrustedCAs
                }
                if (-not $PSBoundParameters.ContainsKey('UseCRLAsFailOver')) {
                    $UseCRLAsFailOver = $a.UseCRLAsFailOver
                }
                if (-not $PSBoundParameters.ContainsKey('UseInCertCRL')) {
                    $UseInCertCRL = $a.UseInCertCRL
                }
                $ssoAdminClient.SetAuthenticationPolicy(
                    $PasswordAuthnEnabled,
                    $WindowsAuthnEnabled,
                    $SmartCardAuthnEnabled,
                    $CRLCacheSize,
                    $CRLUrl,
                    $OCSPEnabled,
                    $OCSPResponderSigningCert,
                    $OCSPUrl,
                    $OIDs,
                    $SendOCSPNonce,
                    $TrustedCAs,
                    $UseCRLAsFailOver,
                    $UseInCertCRL
                )
                # Output updated policy
                Write-Output ($ssoAdminClient.GetAuthenticationPolicy())
            }
        } catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/Connect.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/Connect.ps1
@@ -0,0 +1,187 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Connect-SsoAdminServer {
    <#
    .NOTES
    ===========================================================================
    Created on:   	9/29/2020
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function establishes a connection to a vSphere SSO Admin server.
    .PARAMETER Server
    Specifies the IP address or the DNS name of the vSphere server to which you want to connect.
    .PARAMETER User
    Specifies the user name you want to use for authenticating with the server.
    .PARAMETER Password
    Specifies the password you want to use for authenticating with the server.
    .PARAMETER Credential
    Specifies a PSCredential object to for authenticating with the server.
    .PARAMETER SkipCertificateCheck
    Specifies whether server Tls certificate validation will be skipped
    .EXAMPLE
    Connect-SsoAdminServer -Server my.vc.server -User myAdmin@vsphere.local -Password MyStrongPa$$w0rd
    Connects 'myAdmin@vsphere.local' user to Sso Admin server 'my.vc.server'
 #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'IP address or the DNS name of the vSphere server')]
        [string]
        $Server,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'User name you want to use for authenticating with the server',
            ParameterSetName = 'UserPass')]
        [string]
        $User,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Password you want to use for authenticating with the server',
            ParameterSetName = 'UserPass')]
        [VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
        [SecureString]
        $Password,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'PSCredential object to use for authenticating with the server',
            ParameterSetName = 'Credential')]
        [PSCredential]
        $Credential,
        [Parameter(
            Mandatory = $false,
            HelpMessage = 'Skips server Tls certificate validation')]
        [switch]
        $SkipCertificateCheck)
    Process {
        $certificateValidator = $null
        if ($SkipCertificateCheck) {
            $certificateValidator = New-Object 'VMware.vSphere.SsoAdmin.Utils.AcceptAllX509CertificateValidator'
        }
        $ssoAdminServer = $null
        try {
            if ($PSBoundParameters.ContainsKey('Credential')) {
                $ssoAdminServer = New-Object `
                    'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' `
                    -ArgumentList @(
                    $Server,
                    $Credential.UserName,
                    $Credential.Password,
                    $certificateValidator)
            } else {
                $ssoAdminServer = New-Object `
                    'VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer' `
                    -ArgumentList @(
                    $Server,
                    $User,
                    $Password,
                    $certificateValidator)
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
        if ($ssoAdminServer -ne $null) {
            $existingConnectionIndex = $global:DefaultSsoAdminServers.IndexOf($ssoAdminServer)
            if ($existingConnectionIndex -ge 0) {
                $global:DefaultSsoAdminServers[$existingConnectionIndex].RefCount++
                $ssoAdminServer = $global:DefaultSsoAdminServers[$existingConnectionIndex]
            }
            else {
                # Update $global:DefaultSsoAdminServers varaible
                $global:DefaultSsoAdminServers.Add($ssoAdminServer) | Out-Null
            }
            # Function Output
            Write-Output $ssoAdminServer
        }
    }
 }
 function Disconnect-SsoAdminServer {
    <#
    .NOTES
    ===========================================================================
    Created on:   	9/29/2020
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function closes the connection to a vSphere SSO Admin server.
    .PARAMETER Server
    Specifies the vSphere SSO Admin systems you want to disconnect from
    .EXAMPLE
    $mySsoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
    Disconnect-SsoAdminServer -Server $mySsoAdminConnection
    Disconnect a SSO Admin connection stored in 'mySsoAdminConnection' varaible
 #>
    [CmdletBinding()]
    param(
        [Parameter(
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdmin.Utils.StringToSsoAdminServerArgumentTransformationAttribute()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer[]]
        $Server
    )
    Process {
        if (-not $PSBoundParameters['Server']) {
            switch (@($global:DefaultSsoAdminServers).count) {
                { $_ -eq 1 } { $server = ($global:DefaultSsoAdminServers).ToArray()[0] ; break }
                { $_ -gt 1 } {
                    Throw 'Connected to more than 1 SSO server, please specify a SSO server via -Server parameter'
                    break
                }
                Default {
                    Throw 'Not connected to SSO server.'
                }
            }
        }
        foreach ($requestedServer in $Server) {
            if ($requestedServer.IsConnected) {
                $requestedServer.Disconnect()
            }
            if ($global:DefaultSsoAdminServers.Contains($requestedServer) -and $requestedServer.RefCount -eq 0) {
                $global:DefaultSsoAdminServers.Remove($requestedServer) | Out-Null
            }
        }
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/Group.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/Group.ps1
@@ -0,0 +1,652 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function New-SsoGroup {
    <#
    .NOTES
       ===========================================================================
       Created on:   	5/25/2021
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
    .SYNOPSIS
    Creates Local Sso Group
    .DESCRIPTION
    Creates Local Sso Group
    .PARAMETER Name
    Specifies the name of the group.
    .PARAMETER Description
    Specifies an optional description of the group.
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
    .EXAMPLE
    New-SsoGroup -Name 'myGroup' -Description 'My Group Description'
    Creates a local group with name 'myGroup' and description 'My Group Description'
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Specifies the name of the group')]
        [string]
        $Name,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Specifies the description of the group')]
        [string]
        $Description,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }
        foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
                Write-Error "Server $connection is disconnected"
                continue
            }
            # Output is the result of 'CreateLocalGroup'
            try {
                $connection.Client.CreateLocalGroup(
                    $Name,
                    $Description
                )
            }
            catch {
                Write-Error (FormatError $_.Exception)
            }
        }
    }
 }
 function Get-SsoGroup {
    <#
       .NOTES
       ===========================================================================
       Created on:   	9/29/2020
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function gets domain groups.
       .PARAMETER Name
       Specifies Name to filter on when searching for groups.
       .PARAMETER Domain
       Specifies the Domain in which search will be applied, default is 'localos'.
       .PARAMETER Group
        Specifies the group in which search for person user members will be applied.
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
       .EXAMPLE
       Get-SsoGroup -Name administrators -Domain vsphere.local
       Gets 'adminsitrators' group in 'vsphere.local' domain
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Name filter to be applied when searching for group')]
        [string]
        $Name,
        [Parameter(
            ParameterSetName = 'ByNameAndDomain',
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain name to search in, default is "localos"')]
        [string]
        $Domain = 'localos',
        [Parameter(
            ParameterSetName = 'ByGroup',
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Searches group members of the specified group')]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group,
        [Parameter(
            ParameterSetName = 'ByNameAndDomain',
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($null -ne $Server) {
            $serversToProcess = $Server
        }
        if ($null -eq $Name) {
            $Name = [string]::Empty
        }
        try {
            if ($null -ne $Group) {
                foreach ($g in $Group) {
                    $ssoAdminClient = $g.GetClient()
                    if ((-not $ssoAdminClient)) {
                        Write-Error "Object '$g' is from disconnected server"
                        continue
                    }
                    foreach ($resultGroup in $ssoAdminClient.GetGroupsInGroup(
                            (RemoveWildcardSymbols $Name),
                            $Group)) {
                        if ([string]::IsNullOrEmpty($Name) ) {
                            Write-Output $resultGroup
                        }
                        else {
                            # Apply Name filtering
                            if ((HasWildcardSymbols $Name) -and `
                                    $resultGroup.Name -like $Name) {
                                Write-Output $resultGroup
                            }
                            elseif ($resultGroup.Name -eq $Name) {
                                # Exactly equal
                                Write-Output $resultGroup
                            }
                        }
                    }
                }
            } else {
                foreach ($connection in $serversToProcess) {
                    if (-not $connection.IsConnected) {
                        Write-Error "Server $connection is disconnected"
                        continue
                    }
                    foreach ($resultGroup in $connection.Client.GetGroups(
                            (RemoveWildcardSymbols $Name),
                            $Domain)) {
                        if ([string]::IsNullOrEmpty($Name) ) {
                            Write-Output $resultGroup
                        }
                        else {
                            # Apply Name filtering
                            if ((HasWildcardSymbols $Name) -and `
                                    $resultGroup.Name -like $Name) {
                                Write-Output $resultGroup
                            }
                            elseif ($resultGroup.Name -eq $Name) {
                                # Exactly equal
                                Write-Output $resultGroup
                            }
                        }
                    }
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Set-SsoGroup {
    <#
    .NOTES
       ===========================================================================
       Created on:   	5/25/2021
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
    .SYNOPSIS
    Updates Local Sso Group
    .DESCRIPTION
    Updates Local Sso Group details
    .PARAMETER Group
    Specifies the group instace to update.
    .PARAMETER Description
    Specifies a description of the group.
    .EXAMPLE
    $myGroup = New-SsoGroup -Name 'myGroup'
    $myGroup | Set-SsoGroup -Description 'My Group Description'
    Updates local group $myGroup with description 'My Group Description'
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Group instance you want to update')]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Specifies the description of the group')]
        [string]
        $Description)
    Process {
        try {
            foreach ($g in $Group) {
                $ssoAdminClient = $g.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$g' is from disconnected server"
                    continue
                }
                $ssoAdminClient.UpdateLocalGroup($g, $Description)
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Remove-SsoGroup {
    <#
    .NOTES
    ===========================================================================
    Created on:   	5/25/2021
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function removes existing local group.
    .PARAMETER Group
    Specifies the Group instance to remove.
    .EXAMPLE
    $ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
    $myNewGroup = New-SsoGroup -Server $ssoAdminConnection -Name 'myGroup'
    Remove-SsoGroup -Group $myNewGroup
    Remove plocal group with name 'myGroup'
 #>
    [CmdletBinding(ConfirmImpact = 'High')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Group instance you want to remove')]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group)
    Process {
        try {
            foreach ($g in $Group) {
                $ssoAdminClient = $g.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$g' is from disconnected server"
                    continue
                }
                $ssoAdminClient.RemoveLocalGroup($g)
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Add-GroupToSsoGroup {
    <#
    .NOTES
    ===========================================================================
    Created on:   	5/26/2021
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .SYNOPSIS
    Adds a group to another group
    .DESCRIPTION
    Adds the specified group on $Group parameter to target group specified on $TargetGroup parameter
    .PARAMETER Group
    A Group instance to be added to the $TargetGroup
    .PARAMETER TargetGroup
    A target group to which the $Group will be added.
    .EXAMPLE
    $administratosGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local'
    Get-SsoGroup -Name 'TestGroup' -Domain 'MyDomain' | Add-GroupToSsoGroup -TargetGroup $administratosGroup
    Adds 'TestGroup' from 'MyDomain' domain to vsphere.local Administrators group.
    #>
    [CmdletBinding(ConfirmImpact = 'Medium')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'SsoGroup instance you want to add to the target group')]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Target SsoGroup instance where the $Group wtill be added')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $TargetGroup)
    Process {
        try {
            foreach ($g in $Group) {
                $ssoAdminClient = $g.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$g' is from disconnected server"
                    continue
                }
                if ($g.GetClient().ServiceUri -ne $TargetGroup.GetClient().ServiceUri) {
                    Write-Error "Group '$g' is not from the same server as the target group"
                    continue
                }
                $result = $ssoAdminClient.AddGroupToGroup($g, $TargetGroup)
                if (-not $result) {
                    Write-Error "Group '$g' was not added to the target group. The Server operation result doesn't indicate success"
                    continue
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Remove-GroupFromSsoGroup {
    <#
    .NOTES
    ===========================================================================
    Created on:   	5/26/2021
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .SYNOPSIS
    Removes a group to another group
    .DESCRIPTION
    Removes the specified group on $Group parameter from target group specified on $TargetGroup parameter
    .PARAMETER Group
    A Group instance to be removed from the $TargetGroup
    .PARAMETER TargetGroup
    A target group from which the $Group will be removed.
    .EXAMPLE
    $administratosGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local'
    Get-SsoGroup -Name 'TestGroup' -Domain 'MyDomain' | Remove-GroupFromSsoGroup -TargetGroup $administratosGroup
    Removes 'TestGroup' from 'MyDomain' domain from vsphere.local Administrators group.
    #>
    [CmdletBinding(ConfirmImpact = 'Medium')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'SsoGroup instance you want to remove from the target group')]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Target SsoGroup instance from which the $Group wtill be removed')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $TargetGroup)
    Process {
        try {
            foreach ($g in $Group) {
                $ssoAdminClient = $g.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$g' is from disconnected server"
                    continue
                }
                if ($g.GetClient().ServiceUri -ne $TargetGroup.GetClient().ServiceUri) {
                    Write-Error "Group '$g' is not from the same server as the target group"
                    continue
                }
                $result = $ssoAdminClient.RemoveGroupFromGroup($g, $TargetGroup)
                if (-not $result) {
                    Write-Error "Group '$g' was not removed to the target group. The Server operation result doesn't indicate success"
                    continue
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Add-UserToSsoGroup {
    <#
    .NOTES
    ===========================================================================
    Created on:   	5/26/2021
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .SYNOPSIS
    Adds an user to a group
    .DESCRIPTION
    Adds the user on $User parameter to target group specified on $TargetGroup parameter
    .PARAMETER User
    A PersonUser instance to be added to the $TargetGroup
    .PARAMETER TargetGroup
    A target group to which the $User will be added.
    .EXAMPLE
    $administratosGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local'
    Get-SsoPersonUser -Name 'TestUser' -Domain 'MyDomain' | Add-UserToSsoGroup -TargetGroup $administratosGroup
    Adds 'TestUser' from 'MyDomain' domain to vsphere.local Administrators group.
    #>
    [CmdletBinding(ConfirmImpact = 'Medium')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'PersonUser instance you want to add to the target group')]
        [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
        $User,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Target SsoGroup instance where the $Group wtill be added')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $TargetGroup)
    Process {
        try {
            foreach ($u in $User) {
                $ssoAdminClient = $u.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$u' is from disconnected server"
                    continue
                }
                if ($u.GetClient().ServiceUri -ne $TargetGroup.GetClient().ServiceUri) {
                    Write-Error "User '$u' is not from the same server as the target group"
                    continue
                }
                $result = $ssoAdminClient.AddPersonUserToGroup($u, $TargetGroup)
                if (-not $result) {
                    Write-Error "User '$u' was not added to the target group. The Server operation result doesn't indicate success"
                    continue
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Remove-UserFromSsoGroup {
    <#
    .NOTES
    ===========================================================================
    Created on:   	5/26/2021
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .SYNOPSIS
    Removes a person user from group
    .DESCRIPTION
    Removes the specified person user on $User parameter from target group specified on $TargetGroup parameter
    .PARAMETER User
    A PersonUser instance to be removed from the $TargetGroup
    .PARAMETER TargetGroup
    A target group from which the $User will be removed.
    .EXAMPLE
    $administratosGroup = Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local'
    Get-SsoPersonUser -Name 'TestUser' -Domain 'MyDomain' | Remove-UserFromSsoGroup -TargetGroup $administratosGroup
    Removes 'TestUser' from 'MyDomain' domain from vsphere.local Administrators group.
    #>
    [CmdletBinding(ConfirmImpact = 'Medium')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'PersonUser instance you want to remove from the target group')]
        [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
        $User,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Target SsoGroup instance from which the $User wtill be removed')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $TargetGroup)
    Process {
        try {
            foreach ($u in $User) {
                $ssoAdminClient = $u.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$u' is from disconnected server"
                    continue
                }
                if ($u.GetClient().ServiceUri -ne $TargetGroup.GetClient().ServiceUri) {
                    Write-Error "User '$u' is not from the same server as the target group"
                    continue
                }
                $result = $ssoAdminClient.RemovePersonUserFromGroup($u, $TargetGroup)
                if (-not $result) {
                    Write-Error "User '$u' was not removed to the target group. The Server operation result doesn't indicate success"
                    continue
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/IdentitySource.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/IdentitySource.ps1
@@ -0,0 +1,872 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Add-ExternalDomainIdentitySource {
    <#
       .NOTES
       ===========================================================================
       Created on:   	2/11/2021
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function adds Identity Source of ActiveDirectory, OpenLDAP or NIS type.
       .PARAMETER Name
       Name of the identity source
       .PARAMETER DomainName
       Domain name
       .PARAMETER DomainAlias
       Domain alias
       .PARAMETER PrimaryUrl
       Primary Server URL
       .PARAMETER BaseDNUsers
       Base distinguished name for users
       .PARAMETER BaseDNGroups
       Base distinguished name for groups
       .PARAMETER Username
       Domain authentication user name
       .PARAMETER Passowrd
       Domain authentication password
       .PARAMETER DomainServerType
       Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'
       .PARAMETER Default
       Sets the Identity Source as the defualt for the SSO
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
       .EXAMPLE
       Add-ExternalDomainIdentitySource `
          -Name 'sof-powercli' `
          -DomainName 'sof-powercli.vmware.com' `
          -DomainAlias 'sof-powercli' `
          -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
          -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
          -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
          -Username 'sofPowercliAdmin' `
          -Password '$up3R$Tr0Pa$$w0rD'
       Adds External Identity Source
    #>
    [CmdletBinding()]
    [Alias("Add-ActiveDirectoryIdentitySource")]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Friendly name of the identity source')]
        [ValidateNotNull()]
        [string]
        $Name,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [ValidateNotNull()]
        [string]
        $DomainName,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [string]
        $DomainAlias,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [ValidateNotNull()]
        [string]
        $PrimaryUrl,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Base distinguished name for users')]
        [ValidateNotNull()]
        [string]
        $BaseDNUsers,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Base distinguished name for groups')]
        [ValidateNotNull()]
        [string]
        $BaseDNGroups,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication user name')]
        [ValidateNotNull()]
        [string]
        $Username,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication password')]
        [ValidateNotNull()]
        [string]
        $Password,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'External domain server type')]
        [ValidateSet('ActiveDirectory')]
        [string]
        $DomainServerType = 'ActiveDirectory',
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Sets the Identity Source as default')]
        [Switch]
        $Default,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
    if ($Server -ne $null) {
        $serversToProcess = $Server
    }
    try {
        foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
                Write-Error "Server $connection is disconnected"
                continue
            }
            $connection.Client.AddActiveDirectoryExternalDomain(
                $DomainName,
                $DomainAlias,
                $Name,
                $PrimaryUrl,
                $BaseDNUsers,
                $BaseDNGroups,
                $Username,
                $Password,
                $DomainServerType);
            if ($Default) {
                $connection.Client.SetDefaultIdentitySource($Name)
            }
        }
    }
    catch {
        Write-Error (FormatError $_.Exception)
    }
 }
 function Add-LDAPIdentitySource {
    <#
       .NOTES
       ===========================================================================
       Created on:   	2/11/2021
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type.
       .PARAMETER Name
       Friendly name of the identity source
       .PARAMETER DomainName
       Domain name
       .PARAMETER DomainAlias
       Domain alias
       .PARAMETER PrimaryUrl
       Primary Server URL
       .PARAMETER SecondaryUrl
       Secondary Server URL
       .PARAMETER BaseDNUsers
       Base distinguished name for users
       .PARAMETER BaseDNGroups
       Base distinguished name for groups
       .PARAMETER Username
       Domain authentication user name
       .PARAMETER Passowrd
       Domain authentication password
       .PARAMETER Credential
       Domain authentication credential
       .PARAMETER ServerType
       Type of the ExternalDomain, one of 'ActiveDirectory','OpenLdap','NIS'
       .PARAMETER Certificates
       List of X509Certicate2 LDAP certificates
       .PARAMETER Default
       Sets the Identity Source as the defualt for the SSO
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
       Adds LDAP Identity Source
       .EXAMPLE
       Add-LDAPIdentitySource `
          -Name 'sof-powercli' `
          -DomainName 'sof-powercli.vmware.com' `
          -DomainAlias 'sof-powercli' `
          -PrimaryUrl 'ldap://sof-powercli.vmware.com:389' `
          -BaseDNUsers 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
          -BaseDNGroups 'CN=Users,DC=sof-powercli,DC=vmware,DC=com' `
          -Username 'sofPowercliAdmin@sof-powercli.vmware.com' `
          -Password '$up3R$Tr0Pa$$w0rD' `
          -Certificates 'C:\Temp\test.cer'
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Friendly name of the identity source')]
        [ValidateNotNull()]
        [string]
        $Name,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [ValidateNotNull()]
        [string]
        $DomainName,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [string]
        $DomainAlias,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [string]
        $SecondaryUrl,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [ValidateNotNull()]
        [string]
        $PrimaryUrl,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Base distinguished name for users')]
        [ValidateNotNull()]
        [string]
        $BaseDNUsers,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Base distinguished name for groups')]
        [ValidateNotNull()]
        [string]
        $BaseDNGroups,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication user name',
            ParameterSetName = 'DomainAuthenticationPassword')]
        [ValidateNotNull()]
        [string]
        $Username,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication password',
            ParameterSetName = 'DomainAuthenticationPassword')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
        [SecureString]
        $Password,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'PSCredential object to use for authenticating with the LDAP',
            ParameterSetName = 'DomainAuthenticationCredential')]
        [PSCredential]
        $Credential,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Ldap Certificates')]
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
        $Certificates,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Ldap Server type')]
        [ValidateSet('ActiveDirectory', 'OpenLdap')]
        [string]
        $ServerType = 'ActiveDirectory',
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Sets the Identity Source as default')]
        [Switch]
        $Default,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
    if ($Server -ne $null) {
        $serversToProcess = $Server
    }
    try {
        foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
                Write-Error "Server $connection is disconnected"
                continue
            }
            $authenticationUserName = ""
            $authenticationPassword = ""
            if ($PSBoundParameters.ContainsKey('Credential')) {
                $authenticationUserName = $Credential.UserName
                $authenticationPassword = $Credential.Password
            } else {
                $authenticationUserName = $Username
                $authenticationPassword = $Password
            }
            $connection.Client.AddLdapIdentitySource(
                $DomainName,
                $DomainAlias,
                $Name,
                $PrimaryUrl,
                $SecondaryUrl,
                $BaseDNUsers,
                $BaseDNGroups,
                $authenticationUserName,
                $authenticationPassword,
                $ServerType,
                $Certificates);
            if ($Default) {
                $connection.Client.SetDefaultIdentitySource($Name)
            }
        }
    }
    catch {
        Write-Error (FormatError $_.Exception)
    }
 }
 function Set-LDAPIdentitySource {
    <#
       .NOTES
       ===========================================================================
       Created on:   	2/17/2021
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function adds LDAP Identity Source of ActiveDirectory, OpenLDAP or NIS type.
       .PARAMETER IdentitySource
       Identity Source to update
       .PARAMETER Certificates
       List of X509Certicate2 LDAP certificates
       .PARAMETER Username
       Domain authentication user name
       .PARAMETER Passowrd
       Domain authentication password
       .PARAMETER Credential
       Domain authentication credential
       .PARAMETER Default
       Sets the Identity Source as the defualt for the SSO
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
       Updates LDAP Identity Source
       .EXAMPLE
       Updates certificate of a LDAP identity source
       Get-IdentitySource -External | `
       Set-LDAPIdentitySource `
          -Certificates 'C:\Temp\test.cer'
        .EXAMPLE
        Updates certificate of a LDAP identity source authentication password
        Get-IdentitySource -External | `
        Set-LDAPIdentitySource `
          -Username 'sofPowercliAdmin@sof-powercli.vmware.com' `
          -Password '$up3R$Tr0Pa$$w0rD'
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Identity source to update')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource]
        $IdentitySource,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Ldap Certificates',
            ParameterSetName = 'UpdateCertificates')]
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
        $Certificates,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication user name',
            ParameterSetName = 'DomainAuthenticationPassword')]
        [ValidateNotNull()]
        [string]
        $Username,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain authentication password',
            ParameterSetName = 'DomainAuthenticationPassword')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdmin.Utils.StringToSecureStringArgumentTransformationAttribute()]
        [SecureString]
        $Password,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'PSCredential object to use for authenticating with the LDAP',
            ParameterSetName = 'DomainAuthenticationCredential')]
        [PSCredential]
        $Credential,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            ParameterSetName = 'SetAsDefault',
            HelpMessage = 'Sets the Identity Source as default')]
        [Switch]
        $Default,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($null -ne $Server) {
            $serversToProcess = $Server
        }
        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }
                if ($PSBoundParameters.ContainsKey('Certificates')) {
                    $connection.Client.UpdateLdapIdentitySource(
                        $IdentitySource.Name,
                        $IdentitySource.FriendlyName,
                        $IdentitySource.PrimaryUrl,
                        $IdentitySource.FailoverUrl,
                        $IdentitySource.UserBaseDN,
                        $IdentitySource.GroupBaseDN,
                        $Certificates);
                }
                $authenticationUserName = $null
                $authenticationPassword = $null
                if ($PSBoundParameters.ContainsKey('Credential')) {
                    $authenticationUserName = $Credential.UserName
                    $authenticationPassword = $Credential.Password
                }
                if ($PSBoundParameters.ContainsKey('Password')) {
                    $authenticationUserName = $Username
                    $authenticationPassword = $Password
                }
                if ($null -ne $authenticationPassword) {
                    $connection.Client.UpdateLdapIdentitySourceAuthentication(
                        $IdentitySource.Name,
                        $authenticationUserName,
                        $authenticationPassword);
                }
                if ($Default) {
                    $connection.Client.SetDefaultIdentitySource($IdentitySource.Name)
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Set-IdentitySource {
    <#
       .NOTES
       ===========================================================================
       Created on:   	2/25/2022
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       Updates IDentitySource
       .PARAMETER IdentitySource
       Identity Source to update
       .PARAMETER Default
       Sets the Identity Source as the defualt for the SSO
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
       Updates LDAP Identity Source
       .EXAMPLE
       Updates certificate of a LDAP identity source
       Get-IdentitySource -External | Set-IdentitySource -Default
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Identity source to update')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource]
        $IdentitySource,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Sets the Identity Source as default')]
        [Switch]
        $Default,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($null -ne $Server) {
            $serversToProcess = $Server
        }
        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }
                if ($Default) {
                    $connection.Client.SetDefaultIdentitySource($IdentitySource.Name)
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Get-IdentitySource {
    <#
       .NOTES
       ===========================================================================
       Created on:   11/26/2020
       Created by:   Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function gets Identity Source.
       .PARAMETER Localos
       Filter parameter to return only the localos domain identity source
       .PARAMETER System
       Filter parameter to return only the system domain identity source
       .PARAMETER External
       Filter parameter to return only the external domain identity sources
       .PARAMETER Default
       Filter parameter to return only the default domain identity sources
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
       .EXAMPLE
       Get-IdentitySource -External
       Gets all external domain identity source
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Returns only the localos domain identity source')]
        [Switch]
        $Localos,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Returns only the system domain identity source')]
        [Switch]
        $System,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Returns only the external domain identity sources')]
        [Switch]
        $External,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Returns only the default domain identity sources')]
        [Switch]
        $Default,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
    if ($Server -ne $null) {
        $serversToProcess = $Server
    }
    foreach ($connection in $serversToProcess) {
        if (-not $connection.IsConnected) {
            Write-Error "Server $connection is disconnected"
            continue
        }
        $resultIdentitySources = @()
        $allIdentitySources = $connection.Client.GetDomains()
        if (-not $Localos -and -not $System -and -not $External) {
            $resultIdentitySources = $allIdentitySources
        }
        if ($Localos) {
            $resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.LocalOSIdentitySource] }
        }
        if ($System) {
            $resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.SystemIdentitySource] }
        }
        if ($External) {
            $resultIdentitySources += $allIdentitySources | Where-Object { $_ -is [VMware.vSphere.SsoAdminClient.DataTypes.ActiveDirectoryIdentitySource] }
        }
        if ($Default) {
            $resultIdentitySources = @()
            $defaultDomainName = $connection.Client.GetDefaultIdentitySourceDomainName()
            $resultIdentitySources = $allIdentitySources | Where-Object { $_.Name -eq $defaultDomainName }
        }
        #Return result
        $resultIdentitySources
    }
 }
 function Remove-IdentitySource {
    <#
       .NOTES
       ===========================================================================
       Created on:   03/19/2021
       Created by:   Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function removes Identity Source.
       .PARAMETER IdentitySource
       The identity source to remove
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
       .EXAMPLE
       Get-IdentitySource -External | Remove-IdentitySource
       Removes all external domain identity source
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Identity source to remove')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.IdentitySource]
        $IdentitySource,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }
        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }
                $connection.Client.DeleteDomain($IdentitySource.Name)
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/LockoutPolicy.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/LockoutPolicy.ps1
@@ -0,0 +1,164 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Get-SsoLockoutPolicy {
    <#
       .NOTES
       ===========================================================================
       Created on:   	9/30/2020
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function gets lockout policy.
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
       .EXAMPLE
       Get-SsoLockoutPolicy
       Gets lockout policy for the server connections available in $global:defaultSsoAdminServers
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }
        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }
                $connection.Client.GetLockoutPolicy();
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Set-SsoLockoutPolicy {
    <#
       .NOTES
       ===========================================================================
       Created on:   	9/30/2020
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function updates lockout policy settings.
       .PARAMETER LockoutPolicy
       Specifies the LockoutPolicy instance which will be used as original policy. If some properties are not specified they will be updated with the properties from this object.
       .PARAMETER Description
       .PARAMETER AutoUnlockIntervalSec
       .PARAMETER FailedAttemptIntervalSec
       .PARAMETER MaxFailedAttempts
       .EXAMPLE
       Get-SsoLockoutPolicy | Set-SsoLockoutPolicy -AutoUnlockIntervalSec 15 -MaxFailedAttempts 4
       Updates lockout policy auto unlock interval seconds and maximum failed attempts
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'LockoutPolicy instance you want to update')]
        [VMware.vSphere.SsoAdminClient.DataTypes.LockoutPolicy]
        $LockoutPolicy,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'LockoutPolicy description')]
        [string]
        $Description,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int64]]
        $AutoUnlockIntervalSec,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int64]]
        $FailedAttemptIntervalSec,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $MaxFailedAttempts)
    Process {
        try {
            foreach ($lp in $LockoutPolicy) {
                $ssoAdminClient = $lp.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$lp' is from disconnected server"
                    continue
                }
                if ([string]::IsNullOrEmpty($Description)) {
                    $Description = $lp.Description
                }
                if ($AutoUnlockIntervalSec -eq $null) {
                    $AutoUnlockIntervalSec = $lp.AutoUnlockIntervalSec
                }
                if ($FailedAttemptIntervalSec -eq $null) {
                    $FailedAttemptIntervalSec = $lp.FailedAttemptIntervalSec
                }
                if ($MaxFailedAttempts -eq $null) {
                    $MaxFailedAttempts = $lp.MaxFailedAttempts
                }
                $ssoAdminClient.SetLockoutPolicy(
                    $Description,
                    $AutoUnlockIntervalSec,
                    $FailedAttemptIntervalSec,
                    $MaxFailedAttempts);
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/PasswordPolicy.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/PasswordPolicy.ps1
@@ -0,0 +1,262 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Get-SsoPasswordPolicy {
    <#
       .NOTES
       ===========================================================================
       Created on:   	9/30/2020
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function gets password policy.
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
       .EXAMPLE
       Get-SsoPasswordPolicy
       Gets password policy for the server connections available in $global:defaultSsoAdminServers
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }
        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }
                $connection.Client.GetPasswordPolicy();
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Set-SsoPasswordPolicy {
    <#
       .NOTES
       ===========================================================================
       Created on:   	9/30/2020
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function updates password policy settings.
       .PARAMETER PasswordPolicy
       Specifies the PasswordPolicy instance which will be used as original policy. If some properties are not specified they will be updated with the properties from this object.
       .PARAMETER Description
       .PARAMETER ProhibitedPreviousPasswordsCount
       .PARAMETER MinLength
       .PARAMETER MaxLength
       .PARAMETER MaxIdenticalAdjacentCharacters
       .PARAMETER MinNumericCount
       .PARAMETER MinSpecialCharCount
       .PARAMETER MinAlphabeticCount
       .PARAMETER MinUppercaseCount
       .PARAMETER MinLowercaseCount
       .PARAMETER PasswordLifetimeDays
       .EXAMPLE
       Get-SsoPasswordPolicy | Set-SsoPasswordPolicy -MinLength 10 -PasswordLifetimeDays 45
       Updates password policy setting minimum password length to 10 symbols and password lifetime to 45 days
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'PasswordPolicy instance you want to update')]
        [VMware.vSphere.SsoAdminClient.DataTypes.PasswordPolicy]
        $PasswordPolicy,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'PasswordPolicy description')]
        [string]
        $Description,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $ProhibitedPreviousPasswordsCount,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $MinLength,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $MaxLength,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $MaxIdenticalAdjacentCharacters,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $MinNumericCount,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $MinSpecialCharCount,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $MinAlphabeticCount,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $MinUppercaseCount,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $MinLowercaseCount,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int32]]
        $PasswordLifetimeDays)
    Process {
        try {
            foreach ($pp in $PasswordPolicy) {
                $ssoAdminClient = $pp.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$pp' is from disconnected server"
                    continue
                }
                if ([string]::IsNullOrEmpty($Description)) {
                    $Description = $pp.Description
                }
                if ($ProhibitedPreviousPasswordsCount -eq $null) {
                    $ProhibitedPreviousPasswordsCount = $pp.ProhibitedPreviousPasswordsCount
                }
                if ($MinLength -eq $null) {
                    $MinLength = $pp.MinLength
                }
                if ($MaxLength -eq $null) {
                    $MaxLength = $pp.MaxLength
                }
                if ($MaxIdenticalAdjacentCharacters -eq $null) {
                    $MaxIdenticalAdjacentCharacters = $pp.MaxIdenticalAdjacentCharacters
                }
                if ($MinNumericCount -eq $null) {
                    $MinNumericCount = $pp.MinNumericCount
                }
                if ($MinSpecialCharCount -eq $null) {
                    $MinSpecialCharCount = $pp.MinSpecialCharCount
                }
                if ($MinAlphabeticCount -eq $null) {
                    $MinAlphabeticCount = $pp.MinAlphabeticCount
                }
                if ($MinUppercaseCount -eq $null) {
                    $MinUppercaseCount = $pp.MinUppercaseCount
                }
                if ($MinLowercaseCount -eq $null) {
                    $MinLowercaseCount = $pp.MinLowercaseCount
                }
                if ($PasswordLifetimeDays -eq $null) {
                    $PasswordLifetimeDays = $pp.PasswordLifetimeDays
                }
                $ssoAdminClient.SetPasswordPolicy(
                    $Description,
                    $ProhibitedPreviousPasswordsCount,
                    $MinLength,
                    $MaxLength,
                    $MaxIdenticalAdjacentCharacters,
                    $MinNumericCount,
                    $MinSpecialCharCount,
                    $MinAlphabeticCount,
                    $MinUppercaseCount,
                    $MinLowercaseCount,
                    $PasswordLifetimeDays);
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/PersonUser.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/PersonUser.ps1
@@ -0,0 +1,551 @@
 <#
 Copyright 2020-2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function New-SsoPersonUser {
    <#
    .NOTES
    ===========================================================================
    Created on:   	9/29/2020
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function creates new person user account.
    .PARAMETER UserName
    Specifies the UserName of the requested person user account.
    .PARAMETER Password
    Specifies the Password of the requested person user account.
    .PARAMETER Description
    Specifies the Description of the requested person user account.
    .PARAMETER EmailAddress
    Specifies the EmailAddress of the requested person user account.
    .PARAMETER FirstName
    Specifies the FirstName of the requested person user account.
    .PARAMETER LastName
    Specifies the FirstName of the requested person user account.
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
    .EXAMPLE
    $ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
    New-SsoPersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
    Creates person user account with user name 'myAdmin' and password 'MyStrongPa$$w0rd'
    .EXAMPLE
    New-SsoPersonUser -User myAdmin -Password 'MyStrongPa$$w0rd' -EmailAddress 'myAdmin@mydomain.com' -FirstName 'My' -LastName 'Admin'
    Creates person user account with user name 'myAdmin', password 'MyStrongPa$$w0rd', and details against connections available in 'DefaultSsoAdminServers'
 #>
    [CmdletBinding(ConfirmImpact = 'Low')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'User name of the new person user account')]
        [string]
        $UserName,
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Password of the new person user account')]
        [string]
        $Password,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Description of the new person user account')]
        [string]
        $Description,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'EmailAddress of the new person user account')]
        [string]
        $EmailAddress,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'FirstName of the new person user account')]
        [string]
        $FirstName,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'LastName of the new person user account')]
        [string]
        $LastName,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }
        foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
                Write-Error "Server $connection is disconnected"
                continue
            }
            # Output is the result of 'CreateLocalUser'
            try {
                $connection.Client.CreateLocalUser(
                    $UserName,
                    $Password,
                    $Description,
                    $EmailAddress,
                    $FirstName,
                    $LastName
                )
            }
            catch {
                Write-Error (FormatError $_.Exception)
            }
        }
    }
 }
 function Get-SsoPersonUser {
    <#
    .NOTES
    ===========================================================================
    Created on:   	9/29/2020
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function gets person user account.
    .PARAMETER Name
    Specifies Name to filter on when searching for person user accounts.
    .PARAMETER Domain
    Specifies the Domain in which search will be applied, default is 'localos'.
    .PARAMETER Group
    Specifies the group in which search for person user members will be applied.
    .PARAMETER Server
    Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
    If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
    .EXAMPLE
    Get-SsoPersonUser -Name admin -Domain vsphere.local
    Gets person user accounts which contain name 'admin' in 'vsphere.local' domain
    .EXAMPLE
    Get-SsoGroup -Name 'Administrators' -Domain 'vsphere.local' | Get-SsoPersonUser
    Gets person user accounts members of 'Administrators' group
 #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Name filter to be applied when searching for person user accounts')]
        [string]
        $Name,
        [Parameter(
            ParameterSetName = 'ByNameAndDomain',
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Domain name to search in, default is "localos"')]
        [string]
        $Domain = 'localos',
        [Parameter(
            ParameterSetName = 'ByGroup',
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Searches members of the specified group')]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }
        if ($Name -eq $null) {
            $Name = [string]::Empty
        }
        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }
                $personUsers = $null
                if ($Group -ne $null) {
                    $personUsers = $connection.Client.GetPersonUsersInGroup(
                        (RemoveWildcardSymbols $Name),
                        $Group)
                }
                else {
                    $personUsers = $connection.Client.GetLocalUsers(
                        (RemoveWildcardSymbols $Name),
                        $Domain)
                }
                if ($personUsers -ne $null) {
                    foreach ($personUser in $personUsers) {
                        if ([string]::IsNullOrEmpty($Name) ) {
                            Write-Output $personUser
                        }
                        else {
                            # Apply Name filtering
                            if ((HasWildcardSymbols $Name) -and `
                                    $personUser.Name -like $Name) {
                                Write-Output $personUser
                            }
                            elseif ($personUser.Name -eq $Name) {
                                # Exactly equal
                                Write-Output $personUser
                            }
                        }
                    }
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Set-SsoPersonUser {
    <#
    .NOTES
    ===========================================================================
    Created on:   	9/29/2020
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    Updates person user account.
    .PARAMETER User
    Specifies the PersonUser instance to update.
    .PARAMETER Group
    Specifies the Group you want to add or remove PwersonUser from.
    .PARAMETER Add
    Specifies user will be added to the spcified group.
    .PARAMETER Remove
    Specifies user will be removed from the spcified group.
    .PARAMETER Unlock
    Specifies user will be unlocked.
    .PARAMETER NewPassword
    Specifies new password for the specified user.
    .PARAMETER Enable
    Specifies user to be enabled or disabled.
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Add -Server $ssoAdminConnection
    Adds $myPersonUser to $myExampleGroup
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Group $myExampleGroup -Remove -Server $ssoAdminConnection
    Removes $myPersonUser from $myExampleGroup
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Unlock -Server $ssoAdminConnection
    Unlocks $myPersonUser
     .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -Enable $false -Server $ssoAdminConnection
    Disable user account
    .EXAMPLE
    Set-SsoPersonUser -User $myPersonUser -NewPassword 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
    Resets $myPersonUser password
 #>
    [CmdletBinding(ConfirmImpact = 'Medium')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Person User instance you want to update')]
        [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
        $User,
        [Parameter(
            ParameterSetName = 'AddToGroup',
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Group instance you want user to be added to or removed from')]
        [Parameter(
            ParameterSetName = 'RemoveFromGroup',
            Mandatory = $true,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Group instance you want user to be added to or removed from')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.Group]
        $Group,
        [Parameter(
            ParameterSetName = 'AddToGroup',
            Mandatory = $true)]
        [switch]
        $Add,
        [Parameter(
            ParameterSetName = 'RemoveFromGroup',
            Mandatory = $true)]
        [switch]
        $Remove,
        [Parameter(
            ParameterSetName = 'ResetPassword',
            Mandatory = $true,
            HelpMessage = 'New password for the specified user.')]
        [ValidateNotNull()]
        [string]
        $NewPassword,
        [Parameter(
            ParameterSetName = 'UnlockUser',
            Mandatory = $true,
            HelpMessage = 'Specifies to unlock user account.')]
        [switch]
        $Unlock,
        [Parameter(
            ParameterSetName = 'EnableDisableUserAccount',
            Mandatory = $true,
            HelpMessage = 'Specifies to enable or disable user account.')]
        [bool]
        $Enable)
    Process {
        try {
            foreach ($u in $User) {
                $ssoAdminClient = $u.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$u' is from disconnected server"
                    continue
                }
                if ($Add) {
                    $result = $ssoAdminClient.AddPersonUserToGroup($u, $Group)
                    if ($result) {
                        Write-Output $u
                    }
                }
                if ($Remove) {
                    $result = $ssoAdminClient.RemovePersonUserFromGroup($u, $Group)
                    if ($result) {
                        Write-Output $u
                    }
                }
                if ($Unlock) {
                    $result = $ssoAdminClient.UnlockPersonUser($u)
                    if ($result) {
                        Write-Output $u
                    }
                }
                if ($NewPassword) {
                    $ssoAdminClient.ResetPersonUserPassword($u, $NewPassword)
                    Write-Output $u
                }
                if ($PSBoundParameters.ContainsKey('Enable')) {
                    $result = $false
                    if ($Enable) {
                        $result = $ssoAdminClient.EnablePersonUser($u)
                    } else {
                        $result = $ssoAdminClient.DisablePersonUser($u)
                    }
                    if ($result) {
                        # Return update person user
                        Write-Output ($ssoAdminClient.GetLocalUsers($u.Name, $u.Domain))
                    }
                }
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Set-SsoSelfPersonUserPassword {
    <#
    .NOTES
    ===========================================================================
    Created on:   	2/19/2021
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    Resets connected person user password.
    .PARAMETER NewPassword
    Specifies new password for the connected person user.
    .EXAMPLE
    Set-SsoSelfPersonUserPassword -Password 'MyBrandNewPa$$W0RD' -Server $ssoAdminConnection
    Resets password
 #>
    [CmdletBinding(ConfirmImpact = 'High')]
    param(
        [Parameter(
            Mandatory = $true,
            HelpMessage = 'New password for the connected user.')]
        [ValidateNotNull()]
        [SecureString]
        $Password,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }
        foreach ($connection in $serversToProcess) {
            if (-not $connection.IsConnected) {
                Write-Error "Server $connection is disconnected"
                continue
            }
            try {
                $connection.Client.ResetSelfPersonUserPassword($Password)
            }
            catch {
                Write-Error (FormatError $_.Exception)
            }
        }
    }
 }
 function Remove-SsoPersonUser {
    <#
    .NOTES
    ===========================================================================
    Created on:   	9/29/2020
    Created by:   	Dimitar Milov
    Twitter:       @dimitar_milov
    Github:        https://github.com/dmilov
    ===========================================================================
    .DESCRIPTION
    This function removes existing person user account.
    .PARAMETER User
    Specifies the PersonUser instance to remove.
    .EXAMPLE
    $ssoAdminConnection = Connect-SsoAdminServer -Server my.vc.server -User ssoAdmin@vsphere.local -Password 'ssoAdminStrongPa$$w0rd'
    $myNewPersonUser = New-SsoPersonUser -Server $ssoAdminConnection -User myAdmin -Password 'MyStrongPa$$w0rd'
    Remove-SsoPersonUser -User $myNewPersonUser
    Remove person user account with user name 'myAdmin'
 #>
    [CmdletBinding(ConfirmImpact = 'High')]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Person User instance you want to remove')]
        [VMware.vSphere.SsoAdminClient.DataTypes.PersonUser]
        $User)
    Process {
        try {
            foreach ($u in $User) {
                $ssoAdminClient = $u.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$u' is from disconnected server"
                    continue
                }
                $ssoAdminClient.DeleteLocalUser($u)
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/README.md
+++ b/Modules/VMware.vSphere.SsoAdmin/README.md
@@ -0,0 +1,30 @@
 # PowerCLI Example module for managing vSphere SSO Admin
 This module is combination of .NET binary libraries for accessing vSphere SSO Admin API and PowerShell advanced functions exposing cmdlet-like interface to the SSO Admin features.<br/>
 <br/>
 The module supports PowerShell 5.1 and PowerShell 7.0 and above.<br/>
 ## Install Module from PowerShell Gallery
 ```
 Install-Module VMware.vSphere.SsoAdmin
 ```
 # Using the source code
 ## '/src' directory
 This directory contains the .NET binaries sources code and Pester integration tests that cover both the binaries and the module advanced functions functionality.<br/>
 ## Required build tools
 - PowerShell 7.0<br/>
 - dotnet sdk<br/>
 ## Required test tools 
 - PowerShell 7.0
 - PowerCLI 12.0<br/>
 - Pester 5.0.0<br/>
 ## '/src/build.ps1' script
 The script builds the binaries and publishes them to the 'net45' and 'netcoreapp3.1' directories of the module.<br/>
 It has also the option to run module Pester tests. The optional parameters for VC server and credentials has to be specified in order the script to run the tests. Tests run in separate PowreShell process because PowerShell has to load the module binaries which are build output.<br/>
 ## '/src/test/RunTests.ps1' script
 This script can be used to run the tests<br/>
--- a/Modules/VMware.vSphere.SsoAdmin/TokenLifetime.ps1
+++ b/Modules/VMware.vSphere.SsoAdmin/TokenLifetime.ps1
@@ -0,0 +1,128 @@
 <#
 Copyright 2020-2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 function Get-SsoTokenLifetime {
    <#
       .NOTES
       ===========================================================================
       Created on:   	9/30/2020
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function gets HoK and Bearer Token lifetime settings.
       .PARAMETER Server
       Specifies the vSphere Sso Admin Server on which you want to run the cmdlet.
       If not specified the servers available in $global:DefaultSsoAdminServers variable will be used.
       .EXAMPLE
       Get-SsoTokenLifetime
       Gets HoK and Bearer Token lifetime settings for the server connections available in $global:defaultSsoAdminServers
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'Connected SsoAdminServer object')]
        [ValidateNotNull()]
        [VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
        $Server)
    Process {
        $serversToProcess = $global:DefaultSsoAdminServers.ToArray()
        if ($Server -ne $null) {
            $serversToProcess = $Server
        }
        try {
            foreach ($connection in $serversToProcess) {
                if (-not $connection.IsConnected) {
                    Write-Error "Server $connection is disconnected"
                    continue
                }
                $connection.Client.GetTokenLifetime();
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
 function Set-SsoTokenLifetime {
    <#
       .NOTES
       ===========================================================================
       Created on:   	9/30/2020
       Created by:   	Dimitar Milov
        Twitter:       @dimitar_milov
        Github:        https://github.com/dmilov
       ===========================================================================
       .DESCRIPTION
       This function updates HoK or Bearer token lifetime settings.
       .PARAMETER TokenLifetime
       Specifies the TokenLifetime instance to update.
       .PARAMETER MaxHoKTokenLifetime
       .PARAMETER MaxBearerTokenLifetime
       .EXAMPLE
       Get-SsoTokenLifetime | Set-SsoTokenLifetime -MaxHoKTokenLifetime 60
       Updates HoK token lifetime setting
    #>
    [CmdletBinding()]
    param(
        [Parameter(
            Mandatory = $true,
            ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $false,
            HelpMessage = 'TokenLifetime instance you want to update')]
        [VMware.vSphere.SsoAdminClient.DataTypes.TokenLifetime]
        $TokenLifetime,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int64]]
        $MaxHoKTokenLifetime,
        [Parameter(
            Mandatory = $false,
            ValueFromPipeline = $false,
            ValueFromPipelineByPropertyName = $false)]
        [Nullable[System.Int64]]
        $MaxBearerTokenLifetime)
    Process {
        try {
            foreach ($tl in $TokenLifetime) {
                $ssoAdminClient = $tl.GetClient()
                if ((-not $ssoAdminClient)) {
                    Write-Error "Object '$tl' is from disconnected server"
                    continue
                }
                $ssoAdminClient.SetTokenLifetime(
                    $MaxHoKTokenLifetime,
                    $MaxBearerTokenLifetime
                );
            }
        }
        catch {
            Write-Error (FormatError $_.Exception)
        }
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psd1
@@ -0,0 +1,143 @@
 #
 # Module manifest for module 'VMware.vSphere.SsoAdmin'
 #
 # Generated by: Dimitar Milov
 #
 # Generated on: 7/28/2021
 #
@{
 # Script module or binary module file associated with this manifest.
 RootModule = 'VMware.vSphere.SsoAdmin.psm1'
 # Version number of this module.
 ModuleVersion = '1.3.8'
 # Supported PSEditions
 # CompatiblePSEditions = @()
 # ID used to uniquely identify this module
 GUID = 'b3e25326-e809-4d68-a252-ca5fcaf1eb8b'
 # Author of this module
 Author = 'Dimitar Milov'
 # Company or vendor of this module
 CompanyName = 'VMware, Inc.'
 # Copyright statement for this module
 Copyright = 'Copyright (c) VMware, Inc. All rights reserved.'
 # Description of the functionality provided by this module
 Description = 'PowerShell Module for Managing VMware vSphere SSO Admin functionality.'
 # Minimum version of the PowerShell engine required by this module
 # PowerShellVersion = ''
 # Name of the PowerShell host required by this module
 # PowerShellHostName = ''
 # Minimum version of the PowerShell host required by this module
 # PowerShellHostVersion = ''
 # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
 # DotNetFrameworkVersion = ''
 # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
 # ClrVersion = ''
 # Processor architecture (None, X86, Amd64) required by this module
 # ProcessorArchitecture = ''
 # Modules that must be imported into the global environment prior to importing this module
 RequiredModules = @(@{ModuleName = 'VMware.VimAutomation.Common'; ModuleVersion = '12.0.0.15939652'; })
 # Assemblies that must be loaded prior to importing this module
 # RequiredAssemblies = @()
 # Script files (.ps1) that are run in the caller's environment prior to importing this module.
 # ScriptsToProcess = @()
 # Type files (.ps1xml) to be loaded when importing this module
 # TypesToProcess = @()
 # Format files (.ps1xml) to be loaded when importing this module
 # FormatsToProcess = @()
 # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
 # NestedModules = @()
 # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
 FunctionsToExport = 'Connect-SsoAdminServer', 'Disconnect-SsoAdminServer',
               'New-SsoPersonUser', 'Get-SsoPersonUser', 'Set-SsoPersonUser',
               'Remove-SsoPersonUser', 'Set-SsoSelfPersonUserPassword',
               'New-SsoGroup', 'Get-SsoGroup', 'Set-SsoGroup', 'Remove-SsoGroup',
               'Add-GroupToSsoGroup', 'Remove-GroupFromSsoGroup',
               'Add-UserToSsoGroup', 'Remove-UserFromSsoGroup',
               'Get-SsoPasswordPolicy', 'Set-SsoPasswordPolicy',
               'Get-SsoLockoutPolicy', 'Set-SsoLockoutPolicy',
               'Get-SsoTokenLifetime', 'Set-SsoTokenLifetime', 'Get-IdentitySource', 'Set-IdentitySource',
               'Remove-IdentitySource', 'Add-ActiveDirectoryIdentitySource',
               'Add-LDAPIdentitySource', 'Set-LDAPIdentitySource',
               'Get-SsoAuthenticationPolicy', 'Set-SsoAuthenticationPolicy'
 # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
 CmdletsToExport = @()
 # Variables to export from this module
 # VariablesToExport = @()
 # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
 AliasesToExport = 'Add-ActiveDirectoryIdentitySource'
 # DSC resources to export from this module
 # DscResourcesToExport = @()
 # List of all modules packaged with this module
 # ModuleList = @()
 # List of all files packaged with this module
 # FileList = @()
 # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
 PrivateData = @{
    PSData = @{
        # Tags applied to this module. These help with module discovery in online galleries.
        # Tags = @()
        # A URL to the license for this module.
        # LicenseUri = ''
        # A URL to the main website for this project.
        # ProjectUri = ''
        # A URL to an icon representing this module.
        IconUri = 'https://raw.githubusercontent.com/vmware/PowerCLI-Example-Scripts/master/Modules/VMware.vSphere.SsoAdmin/src/resources/powercli.png'
        # ReleaseNotes of this module
        # ReleaseNotes = ''
        # Prerelease string of this module
        # Prerelease = ''
        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
        # RequireLicenseAcceptance = $false
        # External dependent modules of this module
        # ExternalModuleDependencies = @()
    } # End of PSData hashtable
 } # End of PrivateData hashtable
 # HelpInfo URI of this module
 # HelpInfoURI = ''
 # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
 # DefaultCommandPrefix = ''
 }
--- a/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
+++ b/Modules/VMware.vSphere.SsoAdmin/VMware.vSphere.SsoAdmin.psm1
@@ -0,0 +1,88 @@
 <#
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 #>
 #
 # Script module for module 'VMware.vSphere.SsoAdmin'
 #
 Set-StrictMode -Version Latest
 $moduleFileName = 'VMware.vSphere.SsoAdmin.psd1'
 # Set up some helper variables to make it easier to work with the module
 $PSModule = $ExecutionContext.SessionState.Module
 $PSModuleRoot = $PSModule.ModuleBase
 # Import the appropriate nested binary module based on the current PowerShell version
 $subModuleRoot = $PSModuleRoot
 if (($PSVersionTable.Keys -contains "PSEdition") -and ($PSVersionTable.PSEdition -ne 'Desktop')) {
    $subModuleRoot = Join-Path -Path $PSModuleRoot -ChildPath 'netcoreapp3.1'
 }
 else {
    $subModuleRoot = Join-Path -Path $PSModuleRoot -ChildPath 'net45'
 }
 $subModulePath = Join-Path -Path $subModuleRoot -ChildPath $moduleFileName
 $subModule = Import-Module -Name $subModulePath -PassThru
 # When the module is unloaded, remove the nested binary module that was loaded with it
 $PSModule.OnRemove = {
    Remove-Module -ModuleInfo $subModule
 }
 # Internal helper functions
 function HasWildcardSymbols {
    param(
        [string]
        $stringToVerify
    )
    (-not [string]::IsNullOrEmpty($stringToVerify) -and `
        ($stringToVerify -match '\*' -or `
                $stringToVerify -match '\?'))
 }
 function RemoveWildcardSymbols {
    param(
        [string]
        $stringToProcess
    )
    if (-not [string]::IsNullOrEmpty($stringToProcess)) {
        $stringToProcess.Replace('*', '').Replace('?', '')
    }
    else {
        [string]::Empty
    }
 }
 function FormatError {
    param(
        [System.Exception]
        $exception
    )
    if ($exception -ne $null) {
        if ($exception.InnerException -ne $null) {
            $exception = $exception.InnerException
        }
        # result
        $exception.Message
    }
 }
 # Global variables
 $global:DefaultSsoAdminServers = New-Object System.Collections.Generic.List[VMware.vSphere.SsoAdminClient.DataTypes.SsoAdminServer]
 # Import Module Advanced Functions Implementation
 Get-ChildItem -Path $PSScriptRoot -Filter '*.ps1' | ForEach-Object {
    Write-Debug "Importing file: $($_.BaseName)"
    try {
        . $_.FullName
    }
    catch {
        Write-Error -Message "Failed to import functions from $($_.Fullname): $_"
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.LsClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Format.ps1xml
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Format.ps1xml
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.Utils.dll
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.psd1
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdmin.psd1
@@ -0,0 +1,86 @@
 #
 # Module manifest for module 'VMware.vSphere.SsoAdmin'
 #
 # Generated by: dmilov@vmware.com
 #
 # Generated on: 9/25/20
@{
 # Version number of this module.
 ModuleVersion = '1.0.0'
 # ID used to uniquely identify this module
 GUID = 'dd2b1928-e8ee-4c3a-a364-1caec6d3bd58'
 # Author of this module
 Author = 'Dimitar Milov'
 # Company or vendor of this module
 CompanyName = 'VMware, Inc.'
 # Copyright statement for this module
 Copyright = 'Copyright (c) VMware, Inc. All rights reserved.'
 # Description of the functionality provided by this module
 Description = 'PowerShell Module for Managing VMware vSphere SSO Admin functionality.'
 # Minimum version of the Windows PowerShell engine required by this module
 PowerShellVersion = '5.1'
 # Name of the Windows PowerShell host required by this module
 PowerShellHostName = ''
 # Minimum version of the Windows PowerShell host required by this module
 PowerShellHostVersion = ''
 # Minimum version of the .NET Framework required by this module
 DotNetFrameworkVersion = '4.5'
 # Minimum version of the common language runtime (CLR) required by this module
 CLRVersion = '4.0'
 # Processor architecture (None, X86, Amd64, IA64) required by this module
 ProcessorArchitecture = ''
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = @(
 'VMware.vSphere.SsoAdmin.Utils.dll',
 'VMware.vSphere.SsoAdminClient.dll',
 'VMware.vSphere.LsClient.dll'
 )
 # Script files (.ps1) that are run in the caller's environment prior to importing this module
 # ScriptsToProcess = @()
 # Type files (.ps1xml) to be loaded when importing this module
 # TypesToProcess = @()
 # Format files (.ps1xml) to be loaded when importing this module
 #FormatsToProcess = 'VMware.vSphere.SsoAdmin.Format.ps1xml'
 # Modules to import as nested modules of the module specified in ModuleToProcess
 #NestedModules= @()
 # Functions to export from this module
 FunctionsToExport = '*'
 # Cmdlets to export from this module
 CmdletsToExport = '*'
 # Variables to export from this module
 VariablesToExport = '*'
 # Aliases to export from this module
 AliasesToExport = '*'
 # List of all modules packaged with this module
 ModuleList = @()
 # List of all files packaged with this module
 FileList = ''
 # Private data to pass to the module specified in ModuleToProcess
 PrivateData = ''
 }
--- a/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/net45/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.LsClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Format.ps1xml
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Format.ps1xml
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.Utils.dll
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.psd1
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdmin.psd1
@@ -0,0 +1,83 @@
 #
 # Module manifest for module 'VMware.vSphere.SsoAdmin'
 #
 # Generated by: dmilov@vmware.com
 #
 # Generated on: 9/25/20
@{
 # Version number of this module.
 ModuleVersion = '1.0.0'
 # ID used to uniquely identify this module
 GUID = '29f1ed8b-311a-4ea1-80a6-0f3ec56e8259'
 # Author of this module
 Author = 'Dimitar Milov'
 # Company or vendor of this module
 CompanyName = 'VMware, Inc.'
 # Copyright statement for this module
 Copyright = 'Copyright (c) VMware, Inc. All rights reserved.'
 # Description of the functionality provided by this module
 Description = 'PowerShell Module for Managing VMware vSphere SSO Admin functionality.'
 # Minimum version of the Windows PowerShell engine required by this module
 PowerShellVersion = '6.0.1'
 # Specifies the compatible PSEditions of the module.
 CompatiblePSEditions = @('Core')
 # Name of the Windows PowerShell host required by this module
 PowerShellHostName = ''
 # Minimum version of the Windows PowerShell host required by this module
 PowerShellHostVersion = ''
 # Processor architecture (None, X86, Amd64, IA64) required by this module
 ProcessorArchitecture = ''
 # Assemblies that must be loaded prior to importing this module
 RequiredAssemblies = @(
 'VMware.vSphere.SsoAdmin.Utils.dll',
 'VMware.vSphere.SsoAdminClient.dll',
 'VMware.vSphere.LsClient.dll'
 )
 # Script files (.ps1) that are run in the caller's environment prior to importing this module
 # ScriptsToProcess = @()
 # Type files (.ps1xml) to be loaded when importing this module
 # TypesToProcess = @()
 # Format files (.ps1xml) to be loaded when importing this module
 #FormatsToProcess = 'VMware.vSphere.SsoAdmin.Format.ps1xml'
 # Modules to import as nested modules of the module specified in ModuleToProcess
 #NestedModules= @()
 # Functions to export from this module
 FunctionsToExport = '*'
 # Cmdlets to export from this module
 CmdletsToExport = '*'
 # Variables to export from this module
 VariablesToExport = '*'
 # Aliases to export from this module
 AliasesToExport = '*'
 # List of all modules packaged with this module
 ModuleList = @()
 # List of all files packaged with this module
 FileList = ''
 # Private data to pass to the module specified in ModuleToProcess
 PrivateData = ''
 }
--- a/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
+++ b/Modules/VMware.vSphere.SsoAdmin/netcoreapp3.1/VMware.vSphere.SsoAdminClient.dll
--- a/Modules/VMware.vSphere.SsoAdmin/src/.gitignore
+++ b/Modules/VMware.vSphere.SsoAdmin/src/.gitignore
@@ -0,0 +1,3 @@
 **/.vs
 **/bin
 **/obj
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/Nuget.config
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/Nuget.config
@@ -0,0 +1,5 @@
 <configuration>
  <packageSources>    
    <add key="LocalPackages" value="packages" />    
  </packageSources>
 </configuration>
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.LsClient/Connected
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.LsClient/Connected
@@ -0,0 +1,24 @@
 {
  "ProviderId": "Microsoft.VisualStudio.ConnectedService.Wcf",
  "Version": "15.0.20628.921",
  "ExtendedData": {
    "Uri": "https://10.23.80.205/lookupservice/wsdl/lookup.wsdl",
    "Namespace": "LookupServiceReference",
    "SelectedAccessLevelForGeneratedClass": "Public",
    "GenerateMessageContract": false,
    "ReuseTypesinReferencedAssemblies": true,
    "ReuseTypesinAllReferencedAssemblies": true,
    "CollectionTypeReference": {
      "Item1": "System.Array",
      "Item2": "System.Runtime.dll"
    },
    "DictionaryCollectionTypeReference": {
      "Item1": "System.Collections.Generic.Dictionary`2",
      "Item2": "System.Collections.dll"
    },
    "CheckedReferencedAssemblies": [],
    "InstanceId": null,
    "Name": "LookupServiceReference",
    "Metadata": {}
  }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.LsClient/Connected
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.LsClient/Connected
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.LsClient/LookupServiceClient.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.LsClient/LookupServiceClient.cs
@@ -0,0 +1,136 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections;
 using System.Collections.Generic;
 using System.IdentityModel.Selectors;
 using System.Linq;
 using System.Security;
 using System.Security.Cryptography.X509Certificates;
 using System.ServiceModel;
 using System.ServiceModel.Channels;
 using System.ServiceModel.Security;
 using System.Text;
 using LookupServiceReference;
 namespace VMware.vSphere.LsClient
 {
   public class LookupServiceClient {
      private const int WEB_OPERATION_TIMEOUT_SECONDS = 30;
      private LsPortTypeClient _lsClient;
      private static readonly ManagedObjectReference RootMoRef = new ManagedObjectReference
      {
         type = "LookupServiceInstance",
         Value = "ServiceInstance"
      };
      public LookupServiceClient(string hostname, X509CertificateValidator serverCertificateValidator) {
         var lsUri = $"https://{hostname}/lookupservice/sdk";
         _lsClient = new LsPortTypeClient(GetBinding(), new EndpointAddress(new Uri(lsUri)));
         var serverAuthentication = GetServerAuthentication(serverCertificateValidator);
         if (serverAuthentication != null)
         {
            _lsClient
               .ChannelFactory
               .Credentials
               .ServiceCertificate
               .SslCertificateAuthentication = serverAuthentication;
         }
      }
      #region Private Helpers
      private X509ServiceCertificateAuthentication GetServerAuthentication(X509CertificateValidator serverCertificateValidator)
      {
         if (serverCertificateValidator != null) {
            return new X509ServiceCertificateAuthentication {
               CertificateValidationMode = X509CertificateValidationMode.Custom,
               CustomCertificateValidator = serverCertificateValidator
            };
         }
         // Default .NET behavior for TLS certificate validation
         return null;
      }
      private static MessageEncodingBindingElement GetWcfEncoding()
      {
         return new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
      }
      private static HttpsTransportBindingElement GetWcfTransport(bool useSystemProxy)
      {
         HttpsTransportBindingElement transport = new HttpsTransportBindingElement
         {
            RequireClientCertificate = false
         };
         transport.UseDefaultWebProxy = useSystemProxy;
         transport.MaxBufferSize = 2147483647;
         transport.MaxReceivedMessageSize = 2147483647;
         return transport;
      }
      private static Binding GetBinding() {
        var binding = new CustomBinding(GetWcfEncoding(), GetWcfTransport(true));
         var timeout = TimeSpan.FromSeconds(WEB_OPERATION_TIMEOUT_SECONDS);
         binding.CloseTimeout = timeout;
         binding.OpenTimeout = timeout;
         binding.ReceiveTimeout = timeout;
         binding.SendTimeout = timeout;
         return binding;
      }
      #endregion
      public Uri GetSsoAdminEndpointUri() {
         var product = "com.vmware.cis";
         var endpointType = "com.vmware.cis.cs.identity.admin";
         var type = "sso:admin";
         return FindServiceEndpoint(product, type, endpointType);
      }
      public Uri GetStsEndpointUri() {
         var product = "com.vmware.cis";
         var type = "cs.identity";
         var endpointType = "com.vmware.cis.cs.identity.sso";
         return FindServiceEndpoint(product, type, endpointType);
      }
      private Uri FindServiceEndpoint(string product, string type, string endpointType) {
         Uri result = null;
         var svcContent = _lsClient.RetrieveServiceContentAsync(RootMoRef).Result;
         var filterCriteria = new LookupServiceRegistrationFilter() {
            serviceType = new LookupServiceRegistrationServiceType {
               product = product,
               type = type
            }
         };
         var lsRegInfo = _lsClient.
            ListAsync(svcContent.serviceRegistration, filterCriteria)
            .Result?
            .returnval?
            .FirstOrDefault();
         if (lsRegInfo != null) {
            var registrationEndpooint = lsRegInfo.
               serviceEndpoints?.
               Where(a => a.endpointType.type == endpointType)?.
               FirstOrDefault<LookupServiceRegistrationEndpoint>();
            if (registrationEndpooint != null) {
               result = new Uri(registrationEndpooint.url);
            }
         }
         return result;
      }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.LsClient/VMware.vSphere.LsClient.csproj
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.LsClient/VMware.vSphere.LsClient.csproj
@@ -0,0 +1,23 @@
 <Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <RootNamespace>VMware.vSphere.LsClient</RootNamespace>
    <AssemblyName>VMware.vSphere.LsClient</AssemblyName>
    <Description>vSphere Lookup Service API client.</Description>
    <TargetFrameworks>net45;netcoreapp3.1</TargetFrameworks>
  </PropertyGroup>
  <ItemGroup Condition="'$(TargetFramework)' == 'net45'">
    <Reference Include="System.IdentityModel" />
    <Reference Include="System.ServiceModel" />
  </ItemGroup>
  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'">
    <PackageReference Include="VMware.System.Private.ServiceModel" Version="4.4.4" />
  </ItemGroup>
  <ItemGroup>
    <WCFMetadata Include="Connected Services" />
  </ItemGroup>
 </Project>
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Client.sln
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Client.sln
@@ -0,0 +1,43 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 16
 VisualStudioVersion = 16.0.30503.244
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "VMware.vSphere.SsoAdminClient", "VMware.vSphere.SsoAdminClient\VMware.vSphere.SsoAdminClient.csproj", "{BD48E0DD-4048-48FD-B0BE-560E2417A2CC}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "VMware.vSphere.LsClient", "VMware.vSphere.LsClient\VMware.vSphere.LsClient.csproj", "{EEC4C335-3E6C-4FA5-84CD-CBADCD720F35}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "VMware.vSphere.SsoAdmin.Utils", "VMware.vSphere.SsoAdmin.Utils\VMware.vSphere.SsoAdmin.Utils.csproj", "{1523743E-C01E-4D37-845F-0BB8DAF9EE7E}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "VMware.vSphere.SsoAdminClient.Tests", "VMware.vSphere.SsoAdminClient.Tests\VMware.vSphere.SsoAdminClient.Tests.csproj", "{90E6C4A6-FDB4-43FC-B156-ADBCF2B85CCE}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
 		Release|Any CPU = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{BD48E0DD-4048-48FD-B0BE-560E2417A2CC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{BD48E0DD-4048-48FD-B0BE-560E2417A2CC}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{BD48E0DD-4048-48FD-B0BE-560E2417A2CC}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{BD48E0DD-4048-48FD-B0BE-560E2417A2CC}.Release|Any CPU.Build.0 = Release|Any CPU
 		{EEC4C335-3E6C-4FA5-84CD-CBADCD720F35}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{EEC4C335-3E6C-4FA5-84CD-CBADCD720F35}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{EEC4C335-3E6C-4FA5-84CD-CBADCD720F35}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{EEC4C335-3E6C-4FA5-84CD-CBADCD720F35}.Release|Any CPU.Build.0 = Release|Any CPU
 		{1523743E-C01E-4D37-845F-0BB8DAF9EE7E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{1523743E-C01E-4D37-845F-0BB8DAF9EE7E}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{1523743E-C01E-4D37-845F-0BB8DAF9EE7E}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{1523743E-C01E-4D37-845F-0BB8DAF9EE7E}.Release|Any CPU.Build.0 = Release|Any CPU
 		{90E6C4A6-FDB4-43FC-B156-ADBCF2B85CCE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{90E6C4A6-FDB4-43FC-B156-ADBCF2B85CCE}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{90E6C4A6-FDB4-43FC-B156-ADBCF2B85CCE}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{90E6C4A6-FDB4-43FC-B156-ADBCF2B85CCE}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {9A376526-4487-43FF-A527-E34AD4764F12}
 	EndGlobalSection
 EndGlobal
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Utils/AcceptAllX509CertificateValidator.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Utils/AcceptAllX509CertificateValidator.cs
@@ -0,0 +1,21 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.IdentityModel.Selectors;
 using System.Security.Cryptography.X509Certificates;
 namespace VMware.vSphere.SsoAdmin.Utils
 {
   public class AcceptAllX509CertificateValidator : X509CertificateValidator
   {
      public override void Validate(X509Certificate2 certificate) {
         // Check that there is a certificate.
         if (certificate == null) {
            throw new ArgumentNullException(nameof(certificate));
         }
      }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Utils/StringToSecureStringArgumentTransformationAttribute.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Utils/StringToSecureStringArgumentTransformationAttribute.cs
@@ -0,0 +1,39 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Management.Automation;
 using System.Security;
 using System.Text;
 using System.Threading.Tasks;
 namespace VMware.vSphere.SsoAdmin.Utils
 {
   public class StringToSecureStringArgumentTransformationAttribute : ArgumentTransformationAttribute
   {
      private static class SecureStringConverter
      {
         public static SecureString ToSecureString(string value) {
            var result = new SecureString();
            foreach (var c in value.ToCharArray()) {
               result.AppendChar(c);
            }
            return result;
         }
      }
      public override object Transform(EngineIntrinsics engineIntrinsics, object inputData) {
         object result = inputData;
         if (inputData is string s) {
            result = SecureStringConverter.ToSecureString(s);
         }
         return result;
      }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Utils/StringToSsoAdminServerArgumentTransformationAttribute.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Utils/StringToSsoAdminServerArgumentTransformationAttribute.cs
@@ -0,0 +1,55 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Management.Automation;
 using System.Management.Automation.Runspaces;
 using System.Security;
 using System.Text;
 using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 using VMware.vSphere.SsoAdminClient.DataTypes;
 namespace VMware.vSphere.SsoAdmin.Utils
 {
   public class StringToSsoAdminServerArgumentTransformationAttribute : ArgumentTransformationAttribute
   {
      public override object Transform(EngineIntrinsics engineIntrinsics, object inputData) {
         object result = inputData;
         if (inputData is string obnValue &&
             !string.IsNullOrEmpty(obnValue)) {
            // Adopt PowerShell regex chars
            var csharpObnValue = obnValue.Replace("*", ".*").Replace("?", ".?");
            result = null;
            var obnMatchingServers = new List<SsoAdminServer>();
            var ssoAdminServerVariable = engineIntrinsics.SessionState.PSVariable.GetValue("DefaultSsoAdminServers");
            if (ssoAdminServerVariable is PSObject ssoAdminServersPsObj &&
                ssoAdminServersPsObj.BaseObject is List<SsoAdminServer> connectedServers) {
               foreach (var server in connectedServers) {
                  if (!string.IsNullOrEmpty(Regex.Match(server.ToString(), csharpObnValue)?.Value)) {
                     obnMatchingServers.Add(server);
                  }
              }
            }
            if (obnMatchingServers.Count > 0) {
               result = obnMatchingServers.ToArray();
            } else {
               // Non-terminating error for not matching value
               engineIntrinsics.Host.UI.WriteErrorLine($"'{obnValue}' doesn't match any objects in $global:DefaultSsoAdminServers variable");
            }
         }
         return result;
      }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Utils/VMware.vSphere.SsoAdmin.Utils.csproj
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdmin.Utils/VMware.vSphere.SsoAdmin.Utils.csproj
@@ -0,0 +1,25 @@
 <Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <RootNamespace>VMware.vSphere.SsoAdmin.Utils</RootNamespace>
    <AssemblyName>VMware.vSphere.SsoAdmin.Utils</AssemblyName>
    <Description>vSphere Lookup SsoAdmin utility types.</Description>
    <TargetFrameworks>net45;netcoreapp3.1</TargetFrameworks>
  </PropertyGroup>
  <ItemGroup Condition="'$(TargetFramework)' == 'net45'">
    <Reference Include="System.IdentityModel" />
    <Reference Include="System.ServiceModel" />
    <PackageReference Include="Microsoft.PowerShell.5.ReferenceAssemblies" Version="1.0.0" />
  </ItemGroup>
  <ItemGroup Condition="'$(TargetFramework)' == 'netcoreapp3.1'">
    <PackageReference Include="Microsoft.WSMan.Runtime" Version="6.1.0" />
    <PackageReference Include="VMware.System.Private.ServiceModel" Version="4.4.4" />
  </ItemGroup>
  <ItemGroup>
    <ProjectReference Include="..\VMware.vSphere.SsoAdminClient\VMware.vSphere.SsoAdminClient.csproj" />
  </ItemGroup>
 </Project>
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/IntegrationTests.cs
@@ -0,0 +1,299 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using NUnit.Framework;
 using System.Linq;
 using System.Security;
 using VMware.vSphere.SsoAdmin.Utils;
 using VMware.vSphere.SsoAdminClient.DataTypes;
 namespace VMware.vSphere.SsoAdminClient.Tests
 {
   public class Tests
   {
      private string _vc = "<vc>";
      private string _user = "<user>";
      private string _rawPassword = "<password>";
      private SecureString _password;
      [SetUp]
      public void Setup() {
         _password = new SecureString();
         foreach (char c in _rawPassword) {
            _password.AppendChar(c);
         }
      }
      [Test]
      public void AddRemoveLocalUser() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         var expectedUserName = "test-user2";
         var expectedPassword = "te$tPa$sW0rd";
         var expectedDescription = "test-description";
         var expectedEmail = "testuse@testdomain.loc";
         var expectedFirstName = "Test";
         var expectedLastName = "User";
         // Act Create User
         var actual = ssoAdminClient.CreateLocalUser(
            expectedUserName,
            expectedPassword,
            expectedDescription,
            expectedEmail,
            expectedFirstName,
            expectedLastName);
         // Assert Created User
         Assert.AreEqual(expectedUserName, actual.Name);
         Assert.AreEqual(expectedDescription, actual.Description);
         Assert.AreEqual(expectedEmail, actual.EmailAddress);
         Assert.AreEqual(expectedFirstName, actual.FirstName);
         Assert.AreEqual(expectedLastName, actual.LastName);
         // Act Delete User
         ssoAdminClient.DeleteLocalUser(
            actual);
      }
      [Test]
      public void GetAllLocalOsUsers() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         // Act
         var actual = ssoAdminClient.GetLocalUsers("", "localos").ToArray();
         // Assert
         Assert.NotNull(actual);
         Assert.Greater(actual.Length, 0);
      }
      [Test]
      public void GetRootLocalOsUsers() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         // Act
         var actual = ssoAdminClient.GetLocalUsers("root", "localos").ToArray();
         // Assert
         Assert.NotNull(actual);
         Assert.AreEqual(1, actual.Length);
         Assert.AreEqual("root", actual[0].Name);
         Assert.AreEqual("localos", actual[0].Domain);
      }
      [Test]
      public void GetRootLocalOsGroups() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         // Act
         var actual = ssoAdminClient.GetGroups("", "localos").ToArray();
         // Assert
         Assert.NotNull(actual);
         Assert.Greater(actual.Length, 1);
         Assert.AreEqual("localos", actual[0].Domain);
      }
      [Test]
      public void GetPersonUsersInGroup() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         // Act
         var actual = ssoAdminClient.GetPersonUsersInGroup("", new Group(ssoAdminClient) {
            Name = "Administrators",
            Domain = "vsphere.local"
         }).ToArray();
         // Assert
         Assert.NotNull(actual);
         Assert.GreaterOrEqual(actual.Length, 1);
         Assert.AreEqual("vsphere.local", actual[0].Domain);
      }
      [Test]
      public void AddRemoveUserFromGroup() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         var expectedUserName = "test-user5";
         var expectedPassword = "te$tPa$sW0rd";
         var newUser = ssoAdminClient.CreateLocalUser(
            expectedUserName,
            expectedPassword);
         var group = ssoAdminClient.GetGroups("administrators", newUser.Domain).FirstOrDefault<Group>();
         // Act
         var addActual = ssoAdminClient.AddPersonUserToGroup(newUser, group);
         var removeActual = ssoAdminClient.RemovePersonUserFromGroup(newUser, group);
         // Assert
         Assert.IsTrue(addActual);
         Assert.IsTrue(removeActual);
         // Cleanup
         ssoAdminClient.DeleteLocalUser(
            newUser);
      }
      [Test]
      public void ResetUserPassword() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         var expectedUserName = "test-user6";
         var expectedPassword = "te$tPa$sW0rd";
         var updatePassword = "TE$tPa$sW0rd";
         var newUser = ssoAdminClient.CreateLocalUser(
            expectedUserName,
            expectedPassword);
         // Act
         // Assert
         Assert.DoesNotThrow(() => {
            ssoAdminClient.ResetPersonUserPassword(newUser, updatePassword);
         });
         // Cleanup
         ssoAdminClient.DeleteLocalUser(
            newUser);
      }
      [Test]
      public void GetPasswordPolicy() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         // Act
         var actual = ssoAdminClient.GetPasswordPolicy();
         // Assert
         Assert.NotNull(actual);
      }
      [Test]
      public void SetPasswordPolicy() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         var originalPasswordPolicy = ssoAdminClient.GetPasswordPolicy();
         var expectedDescription = "TestDescription";
         var expectedProhibitedPreviousPasswordsCount = originalPasswordPolicy.ProhibitedPreviousPasswordsCount + 1;
         var expectedMinLength = originalPasswordPolicy.MinLength + 1;
         var expectedMaxLength = originalPasswordPolicy.MaxLength + 1;
         var exptectedMaxIdenticalAdjacentCharacters = originalPasswordPolicy.MaxIdenticalAdjacentCharacters + 1;
         var expectedMinNumericCount = originalPasswordPolicy.MinNumericCount + 1;
         var expectedMinSpecialCharCount = originalPasswordPolicy.MinSpecialCharCount + 1;
         var expectedMinAlphabeticCount = originalPasswordPolicy.MinAlphabeticCount + 2;
         var expectedMinUppercaseCount = 0;
         var expectedMinLowercaseCount = originalPasswordPolicy.MinLowercaseCount + 2;
         var expectedPasswordLifetimeDays = originalPasswordPolicy.PasswordLifetimeDays - 2;
         // Act
         var actual = ssoAdminClient.SetPasswordPolicy(
            description: expectedDescription,
            prohibitedPreviousPasswordsCount: expectedProhibitedPreviousPasswordsCount,
            minLength: expectedMinLength,
            maxLength: expectedMaxLength,
            maxIdenticalAdjacentCharacters: exptectedMaxIdenticalAdjacentCharacters,
            minNumericCount: expectedMinNumericCount,
            minSpecialCharCount: expectedMinSpecialCharCount,
            minAlphabeticCount: expectedMinAlphabeticCount,
            minUppercaseCount: expectedMinUppercaseCount,
            minLowercaseCount: expectedMinLowercaseCount,
            passwordLifetimeDays: expectedPasswordLifetimeDays);
         // Assert
         Assert.NotNull(actual);
         Assert.AreEqual(expectedDescription, actual.Description);
         Assert.AreEqual(expectedProhibitedPreviousPasswordsCount, actual.ProhibitedPreviousPasswordsCount);
         Assert.AreEqual(expectedMinLength, actual.MinLength);
         Assert.AreEqual(expectedMaxLength, actual.MaxLength);
         Assert.AreEqual(exptectedMaxIdenticalAdjacentCharacters, actual.MaxIdenticalAdjacentCharacters);
         Assert.AreEqual(expectedMinNumericCount, actual.MinNumericCount);
         Assert.AreEqual(expectedMinAlphabeticCount, actual.MinAlphabeticCount);
         Assert.AreEqual(expectedMinUppercaseCount, actual.MinUppercaseCount);
         Assert.AreEqual(expectedMinLowercaseCount, actual.MinLowercaseCount);
         Assert.AreEqual(expectedPasswordLifetimeDays, actual.PasswordLifetimeDays);
         // Cleanup
         ssoAdminClient.SetPasswordPolicy(
            description: originalPasswordPolicy.Description,
            prohibitedPreviousPasswordsCount: originalPasswordPolicy.ProhibitedPreviousPasswordsCount,
            minLength: originalPasswordPolicy.MinLength,
            maxLength: originalPasswordPolicy.MaxLength,
            maxIdenticalAdjacentCharacters: originalPasswordPolicy.MaxIdenticalAdjacentCharacters,
            minNumericCount: originalPasswordPolicy.MinNumericCount,
            minSpecialCharCount: originalPasswordPolicy.MinSpecialCharCount,
            minAlphabeticCount: originalPasswordPolicy.MinAlphabeticCount,
            minUppercaseCount: originalPasswordPolicy.MinUppercaseCount,
            minLowercaseCount: originalPasswordPolicy.MinLowercaseCount,
            passwordLifetimeDays: originalPasswordPolicy.PasswordLifetimeDays);
      }
      [Test]
      public void GetLockoutPolicy() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         // Act
         var actual = ssoAdminClient.GetLockoutPolicy();
         // Assert
         Assert.NotNull(actual);
      }
      [Test]
      public void SetLockoutPolicy() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         var originalLockoutPolicy = ssoAdminClient.GetLockoutPolicy();
         var expectedDescription = "TestDescription";
         var expectedAutoUnlockIntervalSec = 20;
         var expectedFailedAttemptIntervalSec = 30;
         var expectedMaxFailedAttempts = 5;
         // Act
         var actual = ssoAdminClient.SetLockoutPolicy(
            expectedDescription,
            expectedAutoUnlockIntervalSec,
            expectedFailedAttemptIntervalSec,
            expectedMaxFailedAttempts);
         // Assert
         Assert.NotNull(actual);
         Assert.AreEqual(expectedDescription, actual.Description);
         Assert.AreEqual(expectedAutoUnlockIntervalSec, actual.AutoUnlockIntervalSec);
         Assert.AreEqual(expectedFailedAttemptIntervalSec, actual.FailedAttemptIntervalSec);
         Assert.AreEqual(expectedMaxFailedAttempts, actual.MaxFailedAttempts);
         // Cleanup
         ssoAdminClient.SetLockoutPolicy(
            originalLockoutPolicy.Description,
            originalLockoutPolicy.AutoUnlockIntervalSec,
            originalLockoutPolicy.FailedAttemptIntervalSec,
            originalLockoutPolicy.MaxFailedAttempts
            );
      }
      [Test]
      public void GetDomains() {
         // Arrange
         var ssoAdminClient = new SsoAdminClient(_vc, _user, _password, new AcceptAllX509CertificateValidator());
         // Act
         var actual = ssoAdminClient.GetDomains().ToArray<IdentitySource>();
         // Assert
         Assert.NotNull(actual);
         Assert.IsTrue(actual.Length >= 2);
      }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/VMware.vSphere.SsoAdminClient.Tests.csproj
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient.Tests/VMware.vSphere.SsoAdminClient.Tests.csproj
@@ -0,0 +1,20 @@
 <Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>netcoreapp3.1</TargetFramework>
    <IsPackable>false</IsPackable>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="nunit" Version="3.12.0" />
    <PackageReference Include="NUnit3TestAdapter" Version="3.15.1" />
    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.4.0" />
  </ItemGroup>
  <ItemGroup>
    <ProjectReference Include="..\VMware.vSphere.SsoAdmin.Utils\VMware.vSphere.SsoAdmin.Utils.csproj" />
    <ProjectReference Include="..\VMware.vSphere.SsoAdminClient\VMware.vSphere.SsoAdminClient.csproj" />
  </ItemGroup>
 </Project>
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/ActiveDirectoryIdentitySource.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/ActiveDirectoryIdentitySource.cs
@@ -0,0 +1,30 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
   public class ActiveDirectoryIdentitySource : IdentitySource
   {
      public string Type { get; set; }
      public string Alias { get; set; }
      public string AuthenticationType { get; set; }
      public string AuthenticationUsername { get; set; }
      public string FriendlyName { get; set; }
      public string PrimaryUrl { get; set; }
      public string FailoverUrl { get; set; }
      public string UserBaseDN { get; set; }
      public string GroupBaseDN { get; set; }
      public System.Security.Cryptography.X509Certificates.X509Certificate2[] Certificates {get ;set;}
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/AuthenticationPolicy.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/AuthenticationPolicy.cs
@@ -0,0 +1,36 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System.Security.Cryptography.X509Certificates;
 namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
    public class AuthenticationPolicy
    {
        SsoAdminClient _client;
        public AuthenticationPolicy(SsoAdminClient client) {
            _client = client;
        }
        public SsoAdminClient GetClient() {
            return _client;
        }
        public bool PasswordAuthnEnabled { get; internal set; }
        public bool WindowsAuthnEnabled { get; internal set; }
        public bool SmartCardAuthnEnabled { get; internal set; }
        public bool OCSPEnabled { get; internal set; }
        public bool UseCRLAsFailOver { get; internal set; }
        public bool SendOCSPNonce { get; internal set; }
        public string OCSPUrl { get; internal set; }
        public X509Certificate2  OCSPResponderSigningCert { get; internal set; }
        public bool UseInCertCRL { get; internal set; }
        public string CRLUrl { get; internal set; }
        public int CRLCacheSize { get; internal set; }
        public string[] Oids { get; internal set; }
        public string[] TrustedCAs { get; internal set; }
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/Group.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/Group.cs
@@ -0,0 +1,35 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
    public class Group
    {
        SsoAdminClient _client;
        public Group(SsoAdminClient client)
        {
            _client = client;
        }
        public string Name { get; set; }
        public string Domain { get; set; }
        public string Description { get; set; }
        public SsoAdminClient GetClient()
        {
            return _client;
        }
        public override string ToString()
        {
            return $"{Name}@{Domain}";
        }
    }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/IdentitySource.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/IdentitySource.cs
@@ -0,0 +1,18 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
   public class IdentitySource
   {
      public string Name { get; set; }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/LocalOSIdentitySource.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/LocalOSIdentitySource.cs
@@ -0,0 +1,16 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
   public class LocalOSIdentitySource : IdentitySource
   {
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/LockoutPolicy.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/LockoutPolicy.cs
@@ -0,0 +1,31 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.ServiceModel.Security;
 using System.Text;
 using System.Threading.Tasks;
 namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
   public class LockoutPolicy
   {
      SsoAdminClient _client;
      public LockoutPolicy(SsoAdminClient client) {
         _client = client;
      }
      public SsoAdminClient GetClient() {
         return _client;
      }
      public string Description { get; set; }
      public long AutoUnlockIntervalSec { get; set; }
      public long FailedAttemptIntervalSec { get; set; }
      public int MaxFailedAttempts { get; set; }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PasswordPolicy.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PasswordPolicy.cs
@@ -0,0 +1,37 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
   public class PasswordPolicy
   {
      SsoAdminClient _client;
      public PasswordPolicy(SsoAdminClient client) {
         _client = client;
      }
      public string Description { get; set; }
      public int ProhibitedPreviousPasswordsCount { get; set; }
      public int MinLength { get; set; }
      public int MaxLength { get; set; }
      public int MinNumericCount { get; set; }
      public int MinSpecialCharCount { get; set; }
      public int MaxIdenticalAdjacentCharacters { get; set; }
      public int MinAlphabeticCount { get; set; }
      public int MinUppercaseCount { get; set; }
      public int MinLowercaseCount { get; set; }
      public int PasswordLifetimeDays { get; set; }
      public SsoAdminClient GetClient() {
         return _client;
      }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/PersonUser.cs
@@ -0,0 +1,39 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
   public class PersonUser
   {
      SsoAdminClient _client;
      public PersonUser(SsoAdminClient client) {
         _client = client;
      }
      public string Name { get; set; }
      public string Domain { get; set; }
      public string Description { get; set; }
      public string FirstName { get; set; }
      public string LastName { get; set; }
      public string EmailAddress { get; set; }
      public bool Locked { get; set; }
      public bool Disabled { get; set; }
      public Nullable<int> PasswordExpirationRemainingDays { get; set; }
      public SsoAdminClient GetClient() {
         return _client;
      }
      public override string ToString() {
         return $"{Name}@{Domain}";
      }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SsoAdminServer.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SsoAdminServer.cs
@@ -0,0 +1,79 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.IdentityModel.Selectors;
 using System.Linq;
 using System.Security;
 using System.Text;
 using System.Threading.Tasks;
 using VMware.Binding.Sts.StsService;
 namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
   public class SsoAdminServer {
      private SsoAdminClient _client;
      public SsoAdminServer(string hostname,
         string user,
         SecureString password,
         X509CertificateValidator serverCertificateValidator) {
         Name = hostname;
         _client = new SsoAdminClient(
            hostname,
            user,
            password,
            serverCertificateValidator);
         RefCount = 1;
         Id = $"/SsoAdminServer={NormalizeUserName()}@{Name}";
      }
      private string NormalizeUserName() {
         string result = User;
         if (User.Contains('@')) {
            var parts = User.Split('@');
            var userName = parts[0];
            var domain = parts[1];
            result = $"{domain}/{userName}";
         }
         return result;
      }
      public string Name { get; }
      public Uri ServiceUri => _client?.ServiceUri;
      public string User => _client?.User;
      public string Id { get; set; }
      public bool IsConnected => _client != null;
      public SsoAdminClient Client => _client;
      public int RefCount { get; set; }
      public void Disconnect() {
         if (--RefCount == 0) {
            _client = null;
         }
      }
      public override string ToString() {
         return Name;
      }
      public override int GetHashCode() {
         return Id != null ? Id.GetHashCode() : base.GetHashCode();
      }
      public override bool Equals(object obj) {
         bool result = false;
         if (obj is SsoAdminServer target) {
            result = string.Equals(Id, target.Id);
         }
         return result;
      }
   }
 }
--- a/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SystemIdentitySource.cs
+++ b/Modules/VMware.vSphere.SsoAdmin/src/VMware.vSphere.SsoAdmin.Client/VMware.vSphere.SsoAdminClient/DataTypes/SystemIdentitySource.cs
@@ -0,0 +1,17 @@
 /*
 Copyright 2021 VMware, Inc.
 SPDX-License-Identifier: BSD-2-Clause
 */
 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Text;
 using System.Threading.Tasks;
 namespace VMware.vSphere.SsoAdminClient.DataTypes
 {
   public class SystemIdentitySource : IdentitySource
   {
   }
 }
--- a/Show More
+++ b/Show More