In this video, I talked about a PowerShell script I wrote to help me with Windows Server Update Services (WSUS) Indexing.

Script

<#

Name: WSUS Reindexing Script

Purpose: The purpose of this script is to check and index the computers in AD that are not indexed in WSUS.

Version: v1

Last modified by: Paul Koroma

#>

#Requires -RunAsAdministrator

#Ask user to specify the Domain they want to target.

$domaininfo= Read-Host -Prompt "Enter the Domain name without the TLD" -ForegroundColor Yellow

$tld= Read-Host -Prompt "Enter Top-Level Domain eg:'com'"

<#

If the script is using user input values, you may want to add some sort of validation on the input, or put some sort of error handling here where if the domain isn't valid

the script will stop from processing any further

#>

#Ask the user to specify the WSUS Server they want to target.

$wsusserver= Read-Host -Prompt "Enter the IP for the WSUS server"

Write-host "enter the credential for the WSUS server..." -ForegroundColor Yellow

Start-sleep -seconds 2

$credential = Get-Credential

<#

If the script is using user input values, you may want to add some sort of validation on the input, or put some sort of error handling here where if the IP Address isn't valid

the script will stop from processing any further

#>

#Connect to WSUS Servers and ask the user to the WSUS Group they want the target.

$session = New-PSSession -ComputerName $wsusserver -Credential $credential

Invoke-Command -Session $session {$wsusgroup= Read-Host -Prompt "Enter the WSUS Group Name you want to taget"}

<#

If the script is using user input values, you may want to add some sort of validation on the input, or put some sort of error handling here where if the WSUS group isn't valid

the script will stop from processing any further

#>

# Grab the list of computers from the WSUS Server using the group name specified by the user.

Invoke-Command -Session $session {$wsuslist= (Get-WsusComputer -ComputerTargetGroups "$wsusgroup").FullDomainName}

#Grab the list of computers from the AD OU

$adlist= (Get-ADComputer -filter * -SearchBase "OU=Windows,OU=Servers,DC=$domaininfo,DC=$tld").DNSHostName

#Compare both list and create a new list

$finalist= @(Compare-Object -DifferenceObject (Invoke-Command -Session $session {$wsuslist}) -ReferenceObject $adlist).InputObject

#Ping each computer in the new list to make sure the computer is online or offline

Write-host "Pinging Computers " -ForegroundColor Yellow

foreach($comp in $finalist)

{$pingtest= Test-Connection -ComputerName $comp -Count 1

if($pingtest) {$Online+=@("$comp")}

else {$Offline+=@("$comp")}

}

#Check each computer that is online and delete the registry key if it's there.

foreach($comp in $online)

{Invoke-Command -ComputerName $online -ScriptBlock {

if ($null -ne (Get-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" -Name "SusClientId" -ErrorAction SilentlyContinue))

{Remove-ItemProperty -Path "HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate" -Name "SusClientId" -Force}

}}

#Force the computers online to check in with the WSUS server and recreate the registry key

Write-host "Forcing computers to check into WSUS" -ForegroundColor Yellow

foreach($comp in $online)

{Invoke-Command -ComputerName $online -ScriptBlock {$updateSession = new-object -com "Microsoft.Update.Session";$updates=$updateSession.CreateupdateSearcher().Search($criteria).Updates;

Start-sleep -seconds 5; Restart-Service wuauserv; wuauclt /resetauthorization; wuauclt /detectnow; wuauclt /reportnow}

}

#Completed List

Write-host "These VMs were updated successfully" -ForegroundColor Yellow

$online

#Offline List

Write-host "These VMs seem to be offline" -ForegroundColor Yellow

$Offline

Read-Host "Press any key to exit..."