Pages

1/24/2011

WSUS: Microsoft Windows Server Update Service

The MMC for WSUS leaves much to be desired for reporting. It'd be nice to be able to print or at least export the view that lists the clients and their status. So it can be used to figure out which clients are missing or what servers might be configured there still that no longer exist.
The script below will help. It generates a list of server machine accounts from AD and then exports the list from WSUS and then generates lists for review.
#LIST-AUDIT.PS1
#Export list of server accounts from AD, export WSUS clients, compare
#
#Define variables
$WSUSserver = 'PRIWSUS02'
$serverlist = 'c:\audit\data\servers.txt'
$WSUSList = 'c:\audit\data\WSUS.txt'
$InWSUS = 'c:\audit\data\OK-Servers-on-WSUS-list.txt'
$NotInWSUS = 'c:\audit\report\REVIEW-Servers-not-on-WSUS-list.txt'
$allservers = 'c:\audit\data\allservers.txt'
$WSUSorphans = 'c:\audit\report\REVIEW-WSUS-item-not-on-Servers-list.txt'
#Initialize files
New-Item $serverlist -Type file -Force >$nul
New-Item $WSUSList -Type file -Force >$nul
New-Item $InWSUS -Type file -Force >$nul
New-Item $NotInWSUS -Type file -Force >$nul
New-Item $allservers -Type file -Force >$nul
New-Item $WSUSorphans -Type file -Force >$nul
#Get list of servers from AD
$strCategory = "computer" 
$strOS = "Windows*Server*"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry 
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher 
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = ("OperatingSystem=$strOS")
$colProplist = "dnshostname"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults) 
{$objComputer = $objResult.Properties;  
$objComputer.dnshostname >> $serverlist}
#Get WSUS list
function Get-WSUSComputers()
{
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($WSUSserver,$false)
$wsus.GetComputerTargets()
}
Get-WSUSComputers | Sort FullDomainName |`
Select FullDomainName | `
Out-File -FilePath $WSUSList -Force
$Servers = get-content $ServerList
$WSUS = get-content $WSUSList
#compare lists
Foreach ($Server in $Servers)
{$Server = $Server.tolower()
$Server = $Server + (" " * (79 - $Server.Length))
Add-content $allservers $Server
If ($WSUS -contains $Server)
{ Add-content $InWSUS $Server }
Else
{ Add-content $NotInWSUS $Server }
}
$ADList = get-content $allservers
Foreach ($Server in $WSUS)
{
If ($ADList -contains $Server)
{ write-host "ok" >$nul }
Else
{ Add-content $WSUSorphans $Server }
}

No comments: