WSUS Script to add List of Computers to a Group in WSUS

 
For a project at a client that uses WSUS 3.0 for server patch management, it was sometimes handy to be able to add machines to a certain group in WSUS automatically. They sometimes need to change membership for a large list of servers for a patch roll-out (like with the KB958644 critical hotfix).
Also this enables you to schedule the script if you need to do this at a period when you normally like to sleep.
This would otherwise require selecting them all manually in the WSUS Console from the ‘All Computers’ groups and changing the membership.
 
Feel free to copy and comment !
 
#Script to add machines to a WSUS group automatically:
#The script needs Admin credentials and the WSUS Administration Console installed on the machine where it runs
 
$wsusgroup="TestGroup"
$wsusparentgroup="All Computers"
$serverlist=Get-Content ".\srvlist.txt"
$date=get-date
$date = [string]$date.day + $date.month + $date.year + $date.hour + $date.minute
$succeslog=".\logs\" +$date +"_success.log"
$errorlog=".\logs\" + $date +"_errors.log"
#Initialization
$WindowsUpdateServer= "wsus01"
#Required WSUS Assembly – auto installed with WSUS Administration Tools
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
if (!$wsus) {
        $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WindowsUpdateServer,$False)
}
$UpdateGroups=$Wsus.GetComputerTargetGroups()
$updategroup=$UpdateGroups | Where-Object{$_.Name -eq $wsusgroup} | Where-Object{$_.getparenttargetgroup().name -eq $wsusparentgroup}
$computerScope = new-object Microsoft.UpdateServices.Administration.ComputerTargetScope
$computerScope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::All
$computers = $wsus.GetComputerTargets($computerScope)
$WsusServers=@()
$WsusServersShortNames=@()
#Create arrays with shortname and FQDN of all servers in WSUS
Write-Host "Collecting Server List from WSUS…"
$computers | foreach-object {
 
 $WsusServer=$_.FullDomainName
 #cut off DNS suffix and store shortname
 $WsusServerShortName=$WsusServer.split(‘.’)[0]
 $WsusServers += $WsusServer
 $WsusServersShortNames += $WsusServerShortName
}
#loop to add servers to group
ForEach ($server in $serverlist)  {
 
 #Check if server Netbios name is present in WSUS, if present move to group – if not log an error
 $WsusComputer=($WsusServersShortNames -eq $server)
 If ($WsusComputer) {
  $WsusComputer=($WsusServers -like "$server*" )
  If ($wsuscomputer.count -eq 1) {
   Write-Host "$WsusComputer will be added to $($updategroup.name) group"
   $computer=$wsus.GetComputerTargetByName($WsusComputer)
   $updategroup.AddComputerTarget($computer)
   out-file -append -inputobject "$Server added to $($updategroup.name) group" -filepath $succeslog
          }
 Else
     {
     #there are two servers in WSUS with ambiguous name – this should never happen but in that case an error is logged
     write-host "count $($wsuscomputer.count)"
     Out-File -append -inputobject "$Server has ambiguous name – check server in WSUS and add to group manually" -filepath $errorlog
     }
  }
Else {
 Write-Host "$Server not found in WSUS"
 out-file -append -inputobject "$Server not found in WSUS" -filepath $errorlog
}
    }
 
Advertisements

3 responses to “WSUS Script to add List of Computers to a Group in WSUS

  1. Hi, thanks for publishing this script 🙂  I have used it and works fine, but I have one tiny problem. I use Rapid Deployment from HP (Altiris)to manage my servers and created a job that exports the servername to the srvlist.txt. The problem is that all servernames are stored in uppercase i Rapid Deployment and the script/WSUS don\’t like that. The logfile says: Machinename not found in WSUS.Is it in some way possible to have the script convert/read the list in lowercase?I have zero knowledge of powershell and would be very thankful for any advice. Thanks,Toby

  2. Is it possible to have the script just look at the unassigned container and if the computer name start with a certain naming convention then move to an appropriate container?

  3. This script was quite useful for me last night. I did have some problems running the script under PowerShell 2, and had to update some of the code.

    The “add servers” loop uses some comparison operators to generate boolean matches which do not appear to work as designed. I replaced these with “$object | where-object” clauses instead. I also eliminated (or reduced) the chances of multiple server name matches by using the “-match” (Regular Expression) comparison operator, instead of “-like”, which allows for ambiguity.

    Finally, I added casting to the variables to prevent confusion, and cleaned up the indentation. The updated script can be found here:
    http://blog.uvm.edu/jgm/2011/05/06/wsus-programatic-access/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s