In 3.1, you can manage the admin and audit user's account through an NSX Data Center appliance's CLI. This topic describes how the admin user manages the admin or audit accounts only.

The admin user can manage the password and change the name of the admin and audit users, but cannot add, delete, or deactivate users. Any change to the admin or audit user's account is audited. Admin cannot use the CLI to make changes to guest user accounts.

For extended access available in 3.1.1, see Manage Local User Accounts (NSX-T Data Center 3.1.1 and later).

The audit user has read privileges to the NSX-T environment and is not active by default. To activate it, log in as admin and run the set user audit password command and provide a new password. When prompted for the current password, press the Enter key.

By default, user passwords expire after 90 days. You can change or deactivate the password expiration for each user.

When the password of admin or audit on the NSX Manager will expire within 30 days, the NSX Manager web interface displays a password expiration notification. If you set the password expiration to 30 days or less the notification is always present. The notification includes a Change Password link. Click the link to change the user's password.


Familiarize yourself with the password complexity requirements for NSX Manager and NSX Edge. See " NSX Manager Installation" and " NSX Edge Installation" in the NSX-T Data Center Installation Guide.


  1. Log in to the appliance's CLI as admin.
  2. To change the admin or audit password, run the set user <username> password command. For example:
    nsx> set user audit password
    Current password:
    New password:
    Confirm new password:
  3. To change the name of the admin or audit user, run the set user <username> username <new username> command. For example:
    nsx> set user admin username admin1
  4. To get the password expiration information, run the get user <username> password-expiration command. For example:
    nsx> get user admin password-expiration
    Password expires 90 days after last change
  5. To see a list of supported user names, run the set user [TAB][TAB] command. For example:
    nsx> set user [TAB][TAB]
      admin     Username of user
      audit     Username of user
      root      Username of user
  6. To set the password expiration time in days for the admin or audit user, run the set user <username> password-expiration <number of days> command.
    nsx> set user admin password-expiration 120
  7. To deactivate password expiration for admin or audit users, run the clear user <username> password-expiration command. For example:
    nsx> clear user admin password-expiration