asked on
powershell script
Does anyone know how to pull outstanding windows updates report for all AD computers with a PowerShell script?
I don't have access to WSUS and Active directory expect for read only access.
Thanks.
I don't have access to WSUS and Active directory expect for read only access.
Thanks.
PowershellWindows OS
Last Comment
Jose Gabriel Ortega Castro
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
I need a script which lists all AD computers windows update outstanding patches.
ASKER
I want to see how many clients have over 50 outstanding patches. Your help is appreciated.
Thanks.
Thanks.
Can you define "Outstanding patches"? Pending, applied or others?.
jose
jose
Your help has saved me hundreds of hours of internet surfing.
fblack61
ASKER
Pending Patches. if possible I would also like to see applied, successful and failed patches? I want to run this against all AD devices.
Thanks
Thanks
SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionSOLUTION
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
WUU utility is for applying patches. I am not looking to apply any patches. All I need to see is pending updates for all active directory devices.
Jose, I am unable to run this script. does this script works for you? how do I save this is csv file?
I am getting this error:
Get-PendingUpdate : The term 'Get-PendingUpdate' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
At line:1 char:1
+ Get-PendingUpdate -ADcomputer
Can you please verify is this is correct:
Get-PendingUpdate -ADcomputer
{
<#
.SYNOPSIS
Retrieves the updates waiting to be installed from WSUS
.DESCRIPTION
Retrieves the updates waiting to be installed from WSUS
.PARAMETER Computername
Computer or computers to find updates for.
.EXAMPLE
Get-PendingUpdates
Description
-----------
Retrieves the updates that are available to install on the local system
.NOTES
Author: Boe Prox
#>
#Requires -version 3.0
[CmdletBinding(
DefaultParameterSetName = 'computer'
)]
param(
[Parameter(ValueFromPipeli
[string[]$Computername = $env:COMPUTERNAME
)
Process {
ForEach ($computer in $Computername) {
If (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Try {
#Create Session COM object
Write-Verbose "Creating COM object for WSUS Session"
$updatesession = [activator]::CreateInstanc
}
Catch {
Write-Warning "$($Error[0])"
Break
}
#Configure Session COM Object
Write-Verbose "Creating COM object for WSUS update Search"
$updatesearcher = $updatesession.CreateUpdat
#Configure Searcher object to look for Updates awaiting installation
Write-Verbose "Searching for WSUS updates on client"
$searchresult = $updatesearcher.Search("Is
#Verify if Updates need installed
Write-Verbose "Verifing that updates are available to install"
If ($searchresult.Updates.Cou
#Updates are waiting to be installed
Write-Verbose "Found $($searchresult.Updates.Co
#Cache the count to make the For loop run faster
$count = $searchresult.Updates.Coun
#Begin iterating through Updates available for installation
Write-Verbose "Iterating through list of updates"
For ($i=0; $i -lt $Count; $i++) {
#Create object holding update
$Update = $searchresult.Updates.Item
[pscustomobject]@{
Computername = $Computer
Title = $Update.Title
KB = $($Update.KBArticleIDs)
SecurityBulletin = $($Update.SecurityBulletin
MsrcSeverity = $Update.MsrcSeverity
IsDownloaded = $Update.IsDownloaded
Url = $($Update.MoreInfoUrls)
Categories = ($Update.Categories | Select-Object -ExpandProperty Name)
BundledUpdates = @($Update.BundledUpdates)|
[pscustomobject]@{
Title = $_.Title
DownloadUrl = @($_.DownloadContents).Dow
}
}
}
}
}
Else {
#Nothing to install at this time
Write-Verbose "No updates to install."
}
}
Else {
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-PendingUpdate:String)
+ FullyQualifiedErrorId : CommandNotFoundException
Jose, I am unable to run this script. does this script works for you? how do I save this is csv file?
I am getting this error:
Get-PendingUpdate : The term 'Get-PendingUpdate' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
At line:1 char:1
+ Get-PendingUpdate -ADcomputer
Can you please verify is this is correct:
Get-PendingUpdate -ADcomputer
{
<#
.SYNOPSIS
Retrieves the updates waiting to be installed from WSUS
.DESCRIPTION
Retrieves the updates waiting to be installed from WSUS
.PARAMETER Computername
Computer or computers to find updates for.
.EXAMPLE
Get-PendingUpdates
Description
-----------
Retrieves the updates that are available to install on the local system
.NOTES
Author: Boe Prox
#>
#Requires -version 3.0
[CmdletBinding(
DefaultParameterSetName = 'computer'
)]
param(
[Parameter(ValueFromPipeli
[string[]$Computername = $env:COMPUTERNAME
)
Process {
ForEach ($computer in $Computername) {
If (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
Try {
#Create Session COM object
Write-Verbose "Creating COM object for WSUS Session"
$updatesession = [activator]::CreateInstanc
}
Catch {
Write-Warning "$($Error[0])"
Break
}
#Configure Session COM Object
Write-Verbose "Creating COM object for WSUS update Search"
$updatesearcher = $updatesession.CreateUpdat
#Configure Searcher object to look for Updates awaiting installation
Write-Verbose "Searching for WSUS updates on client"
$searchresult = $updatesearcher.Search("Is
#Verify if Updates need installed
Write-Verbose "Verifing that updates are available to install"
If ($searchresult.Updates.Cou
#Updates are waiting to be installed
Write-Verbose "Found $($searchresult.Updates.Co
#Cache the count to make the For loop run faster
$count = $searchresult.Updates.Coun
#Begin iterating through Updates available for installation
Write-Verbose "Iterating through list of updates"
For ($i=0; $i -lt $Count; $i++) {
#Create object holding update
$Update = $searchresult.Updates.Item
[pscustomobject]@{
Computername = $Computer
Title = $Update.Title
KB = $($Update.KBArticleIDs)
SecurityBulletin = $($Update.SecurityBulletin
MsrcSeverity = $Update.MsrcSeverity
IsDownloaded = $Update.IsDownloaded
Url = $($Update.MoreInfoUrls)
Categories = ($Update.Categories | Select-Object -ExpandProperty Name)
BundledUpdates = @($Update.BundledUpdates)|
[pscustomobject]@{
Title = $_.Title
DownloadUrl = @($_.DownloadContents).Dow
}
}
}
}
}
Else {
#Nothing to install at this time
Write-Verbose "No updates to install."
}
}
Else {
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-PendingUpdate:String)
+ FullyQualifiedErrorId : CommandNotFoundException
@OP: Take a look here, it seems to query all devices on an AD for pending updates. There are some pre-reqs but they're also listed in the TN Gallery:
https://gallery.technet.microsoft.com/288e8603-7073-4b2b-b369-55dc5c4eea25
https://gallery.technet.microsoft.com/288e8603-7073-4b2b-b369-55dc5c4eea25
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
or is there any script I can from sccm to find out windows updates. can I use sccm client to find out pending updates from all AD computers. again I don't have access to wsus server. I would like to see 20+ and 50 + , pending patches in csv file.
you save the script.
Go to an elevated powershell console.
Navegate to the path where you saved the script.
run the script
if you obtain an output you can use this
Go to an elevated powershell console.
Navegate to the path where you saved the script.
run the script
.\Scriptname.ps1
if you obtain an output you can use this
.\Scriptname.ps1 | Convertto-csv | out-file here.csv
ASKER
Thanks Jose. I will try that. I am also looking into clients not getting patches from WSUS. what could be the reason? over 500 clients are not getting patches. They are active and logging in to the system. what is stopping these machines to get patched.
Thanks.
Thanks.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
ASKER
Hi Jose this script did not work for me.
1-please help me find the how can I get outstanding windows update for all AD computers through sccm. I don't have access to WSUS.
2-i also need help finding the Windows update agent versions for all machines in our environment. I need them both in an excel sheel.
Thank you.
1-please help me find the how can I get outstanding windows update for all AD computers through sccm. I don't have access to WSUS.
2-i also need help finding the Windows update agent versions for all machines in our environment. I need them both in an excel sheel.
Thank you.
answered