We help IT Professionals succeed at work.

powershell script

A A
A A asked
on
197 Views
Last Modified: 2017-11-29
Does anyone know how to pull outstanding windows updates report for all AD computers with a PowerShell script?
I don't have access to WSUS and Active directory expect for read only access.

Thanks.
Comment
Watch Question

IT Specialist
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
A A

Author

Commented:
I need a script which lists all AD computers windows update outstanding patches.
A A

Author

Commented:
I want to see how many clients have over 50 outstanding patches. Your help is appreciated.

Thanks.
Jose Gabriel Ortega CastroTop-Rated Plus Freelancer (Upwork)/EE Solution Guide / CEO / Photographer
CERTIFIED EXPERT
Awarded 2018
Distinguished Expert 2018

Commented:
Can you define "Outstanding patches"? Pending, applied or others?.


jose
A A

Author

Commented:
Pending Patches. if possible I would also like to see applied, successful and failed patches? I want to run this against all AD devices.

Thanks
William MillerIT Specialist
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Jose Gabriel Ortega CastroTop-Rated Plus Freelancer (Upwork)/EE Solution Guide / CEO / Photographer
CERTIFIED EXPERT
Awarded 2018
Distinguished Expert 2018
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
A A

Author

Commented:
WUU utility is for applying patches. I am not looking to apply any patches. All I need to see is pending updates for all active directory devices.

Jose, I am unable to run this script. does this script works for you?   how do I save this is csv file?
I am getting this error:

Get-PendingUpdate : The term 'Get-PendingUpdate' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
At line:1 char:1
+ Get-PendingUpdate -ADcomputer


Can you please verify is this is correct:


Get-PendingUpdate -ADcomputer
 {
    <#    
      .SYNOPSIS  
        Retrieves the updates waiting to be installed from WSUS  
      .DESCRIPTION  
        Retrieves the updates waiting to be installed from WSUS  
      .PARAMETER Computername
        Computer or computers to find updates for.  
      .EXAMPLE  
       Get-PendingUpdates
   
       Description
       -----------
       Retrieves the updates that are available to install on the local system
      .NOTES
      Author: Boe Prox                                          
                                       
    #>
     
    #Requires -version 3.0  
    [CmdletBinding(
        DefaultParameterSetName = 'computer'
        )]
    param(
        [Parameter(ValueFromPipeline = $True)]
            [string[]$Computername = $env:COMPUTERNAME
        )    
    Process {
        ForEach ($computer in $Computername) {
            If (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
                Try {
                #Create Session COM object
                    Write-Verbose "Creating COM object for WSUS Session"
                    $updatesession =  [activator]::CreateInstance([type]::GetTypeFromProgID("Microsoft.Update.Session",$computer))
                    }
                Catch {
                    Write-Warning "$($Error[0])"
                    Break
                    }
 
                #Configure Session COM Object
                Write-Verbose "Creating COM object for WSUS update Search"
                $updatesearcher = $updatesession.CreateUpdateSearcher()
 
                #Configure Searcher object to look for Updates awaiting installation
                Write-Verbose "Searching for WSUS updates on client"
                $searchresult = $updatesearcher.Search("IsInstalled=0")    
             
                #Verify if Updates need installed
                Write-Verbose "Verifing that updates are available to install"
                If ($searchresult.Updates.Count -gt 0) {
                    #Updates are waiting to be installed
                    Write-Verbose "Found $($searchresult.Updates.Count) update\s!"
                    #Cache the count to make the For loop run faster
                    $count = $searchresult.Updates.Count
                 
                    #Begin iterating through Updates available for installation
                    Write-Verbose "Iterating through list of updates"
                    For ($i=0; $i -lt $Count; $i++) {
                        #Create object holding update
                        $Update = $searchresult.Updates.Item($i)
                        [pscustomobject]@{
                            Computername = $Computer
                            Title = $Update.Title
                            KB = $($Update.KBArticleIDs)
                            SecurityBulletin = $($Update.SecurityBulletinIDs)
                            MsrcSeverity = $Update.MsrcSeverity
                            IsDownloaded = $Update.IsDownloaded
                            Url = $($Update.MoreInfoUrls)
                            Categories = ($Update.Categories | Select-Object -ExpandProperty Name)
                            BundledUpdates = @($Update.BundledUpdates)|ForEach{
                               [pscustomobject]@{
                                    Title = $_.Title
                                    DownloadUrl = @($_.DownloadContents).DownloadUrl
                                }
                            }
                        }
                    }
                }
                Else {
                    #Nothing to install at this time
                    Write-Verbose "No updates to install."
                }
            }
            Else {
+ ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Get-PendingUpdate:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
William MillerIT Specialist
CERTIFIED EXPERT

Commented:
@OP: Take a look here, it seems to query all devices on an AD for pending updates. There are some pre-reqs but they're also listed in the TN Gallery:

https://gallery.technet.microsoft.com/288e8603-7073-4b2b-b369-55dc5c4eea25
A A

Author

Commented:
or is there any script I can from sccm to find out windows updates. can I use sccm client to find out pending updates from all AD computers. again I don't have access to wsus server. I would like to see 20+  and 50 + , pending patches in csv file.
Jose Gabriel Ortega CastroTop-Rated Plus Freelancer (Upwork)/EE Solution Guide / CEO / Photographer
CERTIFIED EXPERT
Awarded 2018
Distinguished Expert 2018

Commented:
you save the script.
Go to an elevated powershell console.
Navegate to the path where you saved the script.
run the script
 .\Scriptname.ps1

Open in new window

And check the results.
if you obtain an output you can use this
 .\Scriptname.ps1 | Convertto-csv | out-file here.csv

Open in new window

A A

Author

Commented:
Thanks Jose. I will try that. I am also looking into clients not getting patches from WSUS. what could be the reason? over 500 clients are not getting patches. They are active and logging in to the system. what is stopping these machines to get patched.

Thanks.
A A

Author

Commented:
Hi Jose this script did not work for me.

1-please help me find the how can I get outstanding windows update for all AD computers through sccm. I don't have access to WSUS.

2-i also need help finding the Windows update agent versions for all machines in our environment. I need them both in an excel sheel.

Thank you.
Jose Gabriel Ortega CastroTop-Rated Plus Freelancer (Upwork)/EE Solution Guide / CEO / Photographer
CERTIFIED EXPERT
Awarded 2018
Distinguished Expert 2018

Commented:
answered

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions