In this video, I talked about a PowerShell script I wrote to help me with Windows Server Update Services (WSUS) Indexing.
Script
<#
Name: WSUS Reindexing Script
Purpose: The purpose of this script is to check and index the computers in AD that are not indexed in WSUS.
Version: v1
Last modified by: Paul Koroma
#>
#Requires -RunAsAdministrator
#Ask user to specify the Domain they want to target.
$domaininfo= Read-Host -Prompt "Enter the Domain name without the TLD" -ForegroundColor Yellow
$tld= Read-Host -Prompt "Enter Top-Level Domain eg:'com'"
<#
If the script is using user input values, you may want to add some sort of validation on the input, or put some sort of error handling here where if the domain isn't valid
the script will stop from processing any further
#>
#Ask the user to specify the WSUS Server they want to target.
$wsusserver= Read-Host -Prompt "Enter the IP for the WSUS server"
Write-host "enter the credential for the WSUS server..." -ForegroundColor Yellow
Start-sleep -seconds 2
$credential = Get-Credential
<#
If the script is using user input values, you may want to add some sort of validation on the input, or put some sort of error handling here where if the IP Address isn't valid
the script will stop from processing any further
#>
#Connect to WSUS Servers and ask the user to the WSUS Group they want the target.
$session = New-PSSession -ComputerName $wsusserver -Credential $credential
Invoke-Command -Session $session {$wsusgroup= Read-Host -Prompt "Enter the WSUS Group Name you want to taget"}
<#
If the script is using user input values, you may want to add some sort of validation on the input, or put some sort of error handling here where if the WSUS group isn't valid
the script will stop from processing any further
#>
# Grab the list of computers from the WSUS Server using the group name specified by the user.
Invoke-Command -Session $session {$wsuslist= (Get-WsusComputer -ComputerTargetGroups "$wsusgroup").FullDomainName}
#Grab the list of computers from the AD OU
$adlist= (Get-ADComputer -filter * -SearchBase "OU=Windows,OU=Servers,DC=$domaininfo,DC=$tld").DNSHostName
#Compare both list and create a new list
$finalist= @(Compare-Object -DifferenceObject (Invoke-Command -Session $session {$wsuslist}) -ReferenceObject $adlist).InputObject
#Ping each computer in the new list to make sure the computer is online or offline
Write-host "Pinging Computers " -ForegroundColor Yellow
foreach($comp in $finalist)
{$pingtest= Test-Connection -ComputerName $comp -Count 1
if($pingtest) {$Online+=@("$comp")}
else {$Offline+=@("$comp")}
}
#Check each computer that is online and delete the registry key if it's there.
foreach($comp in $online)
{Invoke-Command -ComputerName $online -ScriptBlock {
if ($null -ne (Get-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" -Name "SusClientId" -ErrorAction SilentlyContinue))
{Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" -Name "SusClientId" -Force}
}}
#Force the computers online to check in with the WSUS server and recreate the registry key
Write-host "Forcing computers to check into WSUS" -ForegroundColor Yellow
foreach($comp in $online)
{Invoke-Command -ComputerName $online -ScriptBlock {$updateSession = new-object -com "Microsoft.Update.Session";$updates=$updateSession.CreateupdateSearcher().Search($criteria).Updates;
Start-sleep -seconds 5; Restart-Service wuauserv; wuauclt /resetauthorization; wuauclt /detectnow; wuauclt /reportnow}
}
#Completed List
Write-host "These VMs were updated successfully" -ForegroundColor Yellow
$online
#Offline List
Write-host "These VMs seem to be offline" -ForegroundColor Yellow
$Offline
Read-Host "Press any key to exit..."