Moving computers in WSUS console - Possible to automate?

Hello Experts,

I am not the WSUS admin, so hopefully all of my terminology is correct. I am curious if there is a way to automagically move computers into a specific container? Currently we have a series of computers groups; 1st pilot group, 2nd pilot group, users, servers, test, etc). If we want to move users from one computer group to another we have to manually search for the computer and pin it into its desired group.

Question is, if i have a large list of computer names that need a specific patch (Internet Explorer 11) and we dont want to deploy to an entire computer group, can we import a CSV or something of that nature to automate this process? Otherwise the alternative is the WSUS admin has to spend hours on large testing groups manually moving one computer at a time.

thanks in advance!
SRCLAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
No, using wsus you can not deploy updates/installation on a computer by computer basis. You can differentiate based on wsus groups while using AD GPO to place computer in different WSus groups is the way to manage what you ....

Users are in users groups, computers are in computer groups, not sure what you mean by moving a user to a different computer group.

Scripting moving user object or computer objects among the different location is possible using vbscript, powershell, dsquery|dsget/......


Wsus has two modes of operation, GPO or registry based. GPO provides for central management ......
SRCLAuthor Commented:
The WSUS console has different "Computer groups" which we have defined.

Heres a look at what i am seeing in the console:

http://imgur.com/WWBWck7

What i am looking to do, is based on a defined list of computers (in a .csv), move them automatically from Users - NA to IE11 Install.

Currently the process is, the wsus admin clicks through a series of screens and moves each computer individually.

thanks
arnoldCommented:
Have you considered using GPO to manage the affiliation of the computers to the WSUS Computer groups

GPO can be stacked.
One GPO publishes the INTRANET site of the WSUS server.
Then a GPO that sets the WSUS Computer client target associations and the install mode are individually applied to the OU...

This way the placement of the Computer Object in the AD will control where the computer will end up within the WSUS client targeting.

There are examples that have powershell interfacing with the WSUS but I've seen ones dealing with approving updates, not relocating computer objects from one group to another.
20012R2 cmdlet reference for wsus.

https://technet.microsoft.com/en-us/library/hh826166%28v=wps.630%29.aspx


In your case when configuring the WSUS it was elected to manually place computers in their respective objects.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/70a4f5ee-9f39-4fe0-9e54-5c24d0413eb3/wsusclient-side-targeting?forum=winserverwsus
Hector2016Systems Administrator and Solutions ArchitectCommented:
PowerShell Script to add List of Computers to a Group in WSUS

#Script to add machines to a WSUS group automatically:
#The script needs Admin credentials and the WSUS Administration Console installed on the machine where it runs
 
$wsusgroup="TestGroup"
$wsusparentgroup="All Computers"
$serverlist=Get-Content ".\srvlist.txt"
$date=get-date
$date = [string]$date.day + $date.month + $date.year + $date.hour + $date.minute
$succeslog=".\logs\" +$date +"_success.log"
$errorlog=".\logs\" + $date +"_errors.log"
#Initialization
$WindowsUpdateServer= "wsus01"
#Required WSUS Assembly – auto installed with WSUS Administration Tools
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
if (!$wsus) {
        $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WindowsUpdateServer,$False)
}
$UpdateGroups=$Wsus.GetComputerTargetGroups()
$updategroup=$UpdateGroups | Where-Object{$_.Name -eq $wsusgroup} | Where-Object{$_.getparenttargetgroup().name -eq $wsusparentgroup}
$computerScope = new-object Microsoft.UpdateServices.Administration.ComputerTargetScope
$computerScope.IncludedInstallationStates = [Microsoft.UpdateServices.Administration.UpdateInstallationStates]::All
$computers = $wsus.GetComputerTargets($computerScope)
$WsusServers=@()
$WsusServersShortNames=@()
#Create arrays with shortname and FQDN of all servers in WSUS
Write-Host "Collecting Server List from WSUS…"
$computers | foreach-object {
 
 $WsusServer=$_.FullDomainName
 #cut off DNS suffix and store shortname
 $WsusServerShortName=$WsusServer.split(‘.’)[0]
 $WsusServers += $WsusServer
 $WsusServersShortNames += $WsusServerShortName
}
#loop to add servers to group
ForEach ($server in $serverlist)  {
 
 #Check if server Netbios name is present in WSUS, if present move to group – if not log an error
 $WsusComputer=($WsusServersShortNames -eq $server)
 If ($WsusComputer) {
  $WsusComputer=($WsusServers -like "$server*" )
  If ($wsuscomputer.count -eq 1) {
   Write-Host "$WsusComputer will be added to $($updategroup.name) group"
   $computer=$wsus.GetComputerTargetByName($WsusComputer)
   $updategroup.AddComputerTarget($computer)
   out-file -append -inputobject "$Server added to $($updategroup.name) group" -filepath $succeslog
          }
 Else
     {
     #there are two servers in WSUS with ambiguous name – this should never happen but in that case an error is logged
     write-host "count $($wsuscomputer.count)"
     Out-File -append -inputobject "$Server has ambiguous name – check server in WSUS and add to group manually" -filepath $errorlog
     }
  }
Else {
 Write-Host "$Server not found in WSUS"
 out-file -append -inputobject "$Server not found in WSUS" -filepath $errorlog
}
    }
 

Open in new window


Credits to: https://windowspowered.wordpress.com/2008/10/31/wsus-script-to-add-list-of-computers-to-a-group-in-wsus/

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.