Was recently tasked with writing an audit script of what servers we control that were not currently in WSUS. Following is a script that generates 2 text files. The first one will be a list of servers in the specific OU that we are concerned with are in WSUS and the second will be a listing of those that are not.
Shout out to Jonathan Medd for showing the way with his WSUS PowerPack.
function Get-WSUSComputers()
{
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer('WSUS_Server',$false)
$wsus.GetComputerTargets()
}
$ServerList = 'c:\ProductionScripts\Servers.txt'
$WSUSList = 'c:\ProductionScripts\WSUS.txt'
$InWSUS = 'c:\ProductionScripts\FirstInSecond.txt'
$NotInWSUS = 'c:\ProductionScripts\FirstNotInSecond.txt'
# Export out a list of all servers
Get-QADComputer -OSName *Server* `
-SearchRoot 'OU=Your OU,OU=Your Company,DC=Company,DC=com' |`
Sort-Object DNSName | `
Select-Object DNSName | `
Out-File -FilePath $ServerList -Force
# Export out a list of all servers
# listed in WSUS
Get-WSUSComputers | Sort FullDomainName |`
Select FullDomainName | `
Out-File -FilePath $WSUSList -Force
$Servers = get-content $ServerList
$WSUS = get-content $WSUSList
New-Item $InWSUS -Type file -Force
New-Item $NotInWSUS -Type file -Force
Foreach ($Server in $Servers)
{
If ($WSUS -contains $Server)
{
Add-content $InWSUS $Server
}
Else
{
Add-content $NotInWSUS $Server
}
}
Enjoy!