The script below will help. It pulls the list of server machine accounts from AD, exports the client list from WSUS, and then compares the two to generate lists for review.
#LIST-AUDIT.PS1
#Export list of server accounts from AD, export WSUS clients, compare
#
#Define variables
# WSUS server whose registered clients are exported for the comparison.
$WSUSserver = 'PRIWSUS02'

# Intermediate working files go under \data; the two REVIEW files under
# \report are the ones a person is expected to read after the run.
$auditData = 'c:\audit\data'
$auditReport = 'c:\audit\report'

# Server names collected from AD.
$serverlist = "$auditData\servers.txt"
# Client names exported from WSUS.
$WSUSList = "$auditData\WSUS.txt"
# AD servers that were also found in the WSUS export.
$InWSUS = "$auditData\OK-Servers-on-WSUS-list.txt"
# AD servers with no matching WSUS client.
$NotInWSUS = "$auditReport\REVIEW-Servers-not-on-WSUS-list.txt"
# Every AD server name in the form used for the comparison.
$allservers = "$auditData\allservers.txt"
# WSUS entries with no matching AD server.
$WSUSorphans = "$auditReport\REVIEW-WSUS-item-not-on-Servers-list.txt"
#Initialize files
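# Create each working and report file empty so every run starts from clean lists.
# -Force replaces a file left behind by an earlier run, so the previous REVIEW
# reports are overwritten; copy them elsewhere first if findings must be kept.
# Out-Null discards the object New-Item returns. The earlier form redirected to
# $nul, which is not a PowerShell constant but an undefined variable, and that
# stops working as soon as strict mode is enabled.
foreach ($auditFile in $serverlist, $WSUSList, $InWSUS, $NotInWSUS, $allservers, $WSUSorphans) {
    New-Item $auditFile -Type file -Force | Out-Null
}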
#Get list of servers from AD
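# Collect the dnshostname of every AD computer object whose operatingSystem
# attribute matches "Windows*Server*" and append each name to $serverlist.
$strCategory = "computer"
$strOS = "Windows*Server*"
# Default-constructed entry used as the search root - presumably the current
# domain of the account running the script; confirm before auditing a forest.
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
# Match on object category as well as the OS string.
# NOTE(review): the filter does not look at account state, so disabled or stale
# computer accounts are returned too and will show up in the review list.
$objSearcher.Filter = "(&(objectCategory=$strCategory)(operatingSystem=$strOS))"
# Without paging a directory search stops at the server-side result limit
# (1000 entries by default), which would silently drop servers from the audit.
$objSearcher.PageSize = 1000
$colProplist = "dnshostname"
# Add() returns the new index; [void] keeps it out of the script's output.
foreach ($i in $colPropList) { [void]$objSearcher.PropertiesToLoad.Add($i) }
$colResults = $objSearcher.FindAll()
try {
    foreach ($objResult in $colResults) {
        $objComputer = $objResult.Properties
        # Accounts without a dnshostname value are skipped rather than written
        # as blank lines.
        foreach ($hostName in $objComputer.dnshostname) {
            if ($hostName) { $hostName >> $serverlist }
        }
    }
}
finally {
    # The result collection holds unmanaged directory resources.
    $colResults.Dispose()
}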
#Get WSUS list
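function Get-WSUSComputers([string]$Server = $WSUSserver, [bool]$UseSsl = $false)
{
    # Returns the computer targets registered on a WSUS server.
    #
    # Parameters:
    #   $Server - WSUS server name; defaults to the script-level $WSUSserver.
    #   $UseSsl - passed as the second argument of getUpdateServer. The default
    #             of $false keeps the original behaviour, which means the
    #             administration connection is not made over SSL. Pass $true
    #             where the WSUS server is configured for SSL.
    # Output: whatever GetComputerTargets() returns, written to the pipeline.
    $assembly = [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
    if (-not $assembly) {
        # LoadWithPartialName returns nothing instead of failing; stop here so
        # the cause is reported rather than an unresolved-type error below.
        throw "Microsoft.UpdateServices.Administration could not be loaded (it is normally installed with the WSUS administration tools)."
    }
    if (-not $Server) {
        throw "No WSUS server name was supplied."
    }
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($Server, $UseSsl)
    $wsus.GetComputerTargets()
}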
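# Export the WSUS client names one per line. Piping Select-Object output into
# Out-File writes a formatted table instead: a header line, an underline and
# names padded to a width that depends on the host, so the comparison below
# only matched when the AD names were padded to exactly the same width.
Get-WSUSComputers |
    Sort-Object FullDomainName |
    ForEach-Object { $_.FullDomainName } |
    Out-File -FilePath $WSUSList -Force

# Read both lists back trimmed and lower-cased, dropping blank lines, so the
# comparison does not depend on padding or case.
$Servers = @(Get-Content $serverlist | ForEach-Object { $_.Trim().ToLower() } | Where-Object { $_ })
$WSUS = @(Get-Content $WSUSList | ForEach-Object { $_.Trim().ToLower() } | Where-Object { $_ })

# An empty list on either side makes every entry on the other side look like a
# finding, so say so instead of producing a report that misleads the reviewer.
if ($Servers.Count -eq 0) { Write-Warning "No servers were read from $serverlist; the WSUS orphan report will list every WSUS client." }
if ($WSUS.Count -eq 0) { Write-Warning "No clients were read from $WSUSList; every AD server will be reported as missing from WSUS." }

#compare lists
# Pass 1: each AD server goes to the "OK" list when WSUS knows it, otherwise to
# the review list of servers that are not reporting to WSUS.
foreach ($Server in $Servers) {
    Add-Content $allservers $Server
    if ($WSUS -contains $Server) {
        Add-Content $InWSUS $Server
    }
    else {
        Add-Content $NotInWSUS $Server
    }
}

# Pass 2: WSUS entries with no matching AD server are written to the orphan
# report. Matches are skipped silently; the earlier Write-Host "ok" still
# printed to the console because redirection does not capture host output.
$ADList = $Servers
foreach ($Server in $WSUS) {
    if ($ADList -notcontains $Server) {
        Add-Content $WSUSorphans $Server
    }
}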