Script to add machines to a WSUS group automatically

#Script to add machines to a WSUS group automatically:
#The script needs Admin credentials and the WSUS Administration Console installed on the machine where it runs

#Initialize Variables
$wsusGroup = [string] “ServerGroupC”
$wsusParentGroup = [string] “All Computers”
$date = get-date
$date = [string] $ + $date.month + $date.year + $date.hour + $date.minute
$succeslog = [string] “.\logs\” + $date + “_success.log”
$errorlog = [string] “.\logs\” + $date + “_errors.log”
$WindowsUpdateServer= [string] “”
$useSecureConnection = [bool] $true
$portNumber = [int] “443”

#Instantiate Objects:
#Required WSUS Assembly – auto installed with WSUS Administration Tools
if (!$wsus) {
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WindowsUpdateServer,$useSecureConnection,$portNumber)
$serverList = Get-Content “.\srvlist.txt”
$updateGroups = $Wsus.GetComputerTargetGroups()
$updateGroup = $UpdateGroups | Where-Object{$_.Name -eq $wsusgroup} | Where-Object{$_.getparenttargetgroup().name -eq $wsusparentgroup}
$computerScope = new-object Microsoft.UpdateServices.Administration.ComputerTargetScope
$computerScope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::All
$computers = $wsus.GetComputerTargets($computerScope)
$wsusServers = @()
$WsusServersShortNames = @()

#Create arrays:
# $wsusServer = Array of WSUS Computer objects
# $wsusServerShortName = Array strings, with one server RDN per line
Write-Host “Collecting Server List from WSUS…”
$computers | foreach-object {
$wsusServer = $_.FullDomainName
#cut off DNS suffix and store shortname
$wsusServerShortName = $WsusServer.split(‘.’)[0]
$wsusServers += $WsusServer
$wsusServersShortNames += $wsusServerShortName
} #End ForEach $computers

#loop to add servers to group
ForEach ($server in $serverList) {
#Check if server Netbios name is present in WSUS, if present move to group – if not log an error
$wsusComputer = $wsusServersShortNames | Where-Object {$_ -eq $server.Trim()} #Checks for a match in WSUS for the current server in the import list.
If ($wsusComputer) {
$searchStr = [string] $server.Trim() + “\.” #String representing a RegEx match for the relative part of the server FQDN
$wsusComputer1 = $wsusServers | where-object {$_ -match $searchStr } #Get a WSUS computer object representing the current server in the import list.
If ($wsusComputer1.getType().Name -match “string”) { #Current $wsusComptuer1 must be a [string] object, or next step will fail.
Write-Host “$wsusComputer1 will be added to $($ group”
$computer = $wsus.GetComputerTargetByName($wsusComputer1)
out-file -append -inputobject “$Server added to $($ group” -filepath $succeslog
Else {
#More than one server was matched in WSUS – this will happen if your regEx is not properly formed.
write-host “count $($wsusComputer1.count)”
Out-File -append -inputobject “$werver has ambiguous name – check server in WSUS and add to group manually” -filepath $errorlog
} #End If $wsusComputer
Else {
Write-Host “$Server not found in WSUS”
out-file -append -inputobject “$Server not found in WSUS” -filepath $errorlog
#End ForEach $server


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s