WSUS: Managing Groups With PowerShell | Achieve More

Home » Add Computer To Wsus Group Powershell » WSUS: Managing Groups With PowerShell | Achieve More

Maybe your like

In this post, I will show how to use PowerShell to manage the Target Groups in WSUS. Using PowerShell, you can Create and Delete groups and Add/Remove clients from groups.

First, we need to setup our connection to our WSUS server:

$wsusserver = 'dc1' #Load required assemblies [void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($wsusserver,$False)

Create Target Group

We will be using the CreateComputerTargetGroup() method to create our group. There are two different ways to use this method, one just requires a name for the Group and the other allows you to supple a parent group name to create a child group underneath it.

If you want to validate the group name to make sure it will be ok to use in WSUS, you can use the IsValidComputerTargetGroupName() method to see if WSUS will allow the group name.

$wsus.IsValidComputerTargetGroupName("Te$t") $wsus.IsValidComputerTargetGroupName("Test@")

Untitled

Let’s create a group now:

$wsus.CreateComputerTargetGroup("TestGroup")

Simple enough. After you create the group, you will receive confirmation of the creation that lists the group name and the ID GUID of the group.

Untitled

Now that we have created this test group, lets create a second group underneath that group.

We need to first get the group that we created.

$group = $wsus.GetComputerTargetGroups() | ? {$_.Name -eq "TestGroup"}

Untitled

Now with that,we can create the child group underneath our newly created parent group:

$wsus.CreateComputerTargetGroup("ChildGroup",$group)

As usual, you can immediately see the new group along with its GUID.

Untitled

It isn’t that apparent that this is a child group until you see the console:

Untitled

You can also use the GetChildTargetGroups() method that is available to find out if a group has any children. It is important to note that you must call this on an individual group, not the entire collection unless you loop through each group in the collection.

$group.GetChildTargetGroups()

Untitled

Delete Target Group

Ok, so we have figured out how to create groups within WSUS, but how do you delete the groups? Well, the answer is pretty easy. We will make use of the Delete() method that is available for each group in the collection. Lets get the child group we created and then delete it using the Delete method:

$group = $wsus.GetComputerTargetGroups() | ? {$_.Name -eq "ChildGroup"} $group.Delete()

Now, the child group is gone.

Untitled

Creating a target is fairly simple with an little bit of complexity when your adding a child group, but deleting a group is pretty painless. Now what happens if you delete the parent group and not the child? Easy, both are deleted.

Add Computer to Target Group

Lets now take a look at adding a client to a target group. For this, we will be using the AddComputerTarget() method that is available for each group in the collection. Looking at the requirements for this method, we can see that the value that it is expecting is a computer target object. So just typing in the name of the computer will not work and will only throw an error.

Untitled

The quickest way to get a client is by using the GetComputerTargetByName() method. This only works as long as you know the client name. This method has by far the best performance of locating a client in WSUS using PowerShell instead of using the GetComputerTargets() method and throwing in a Where-Object to locate the name. I am going to add “boe-laptop” to the “Domain Servers” group in my example.

$client = $wsus.GetComputerTargetByName("boe-laptop") $group.AddComputerTarget($client)

Untitled

If you wanted to add more than one computer to a group, you will have to create the collection of clients and then iterate through the collection and add each on into the group.

$clients = $wsus.GetComputerTargets() ForEach ($client in $clients) { Group.AddComputerTarget($client) }

Remove Computer from Target Group

Last in this post I will show you how to remove a computer from a group using the RemoveComputerTarget() which is available for each group in the collection. Just like when we added a client to a group, we will once again need to first get the computer object to meet the required value of the method. For this example, I will remove “boe-latop” from the “Domain Servers” group.

$client = $wsus.GetComputerTargetByName("boe-laptop") $group.RemoveComputerTarget($client)

Untitled

And, just like with adding multiple clients to a group, you will need to iterate through the collection of clients to remove each one from a group.

$clients = $wsus.GetComputerTargets() ForEach ($client in $clients) { Group.RemoveComputerTarget($client) }

Once you start to climb into managing WSUS groups with PowerShell, it really is just a matter of a few lines to start to make things happen.

Share this:

  • X
  • Facebook
  • Email
  • LinkedIn
  • Reddit
  • Pocket
Like Loading...

Related

Tag » Add Computer To Wsus Group Powershell