Link to home
Start Free TrialLog in
Avatar of marceloNYC
marceloNYCFlag for United States of America

asked on

Integrating WSUS to Active Directory

Hello Experts,

I need some help integrating a WSUS server to an Active Directory organization.

The WSUS server needs to know the systems it needs to update.

How do I do that?
Avatar of Andy M
Andy M
Flag of United Kingdom of Great Britain and Northern Ireland image

You'd apply a group policy to the PC's so they communicate back to your WSUS server. They should then appear automatically and you can make amendments accordingly from there.

https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates
Avatar of marceloNYC

ASKER

OKay, I m going to try it now... I 'll update you soon
Ultimately WSUS is still a back end for windows uodate. Which is inherently a "pull" uodate system. You can't force WSUS to "know" which systems it need to update. Even with ient-side targeting, it is up to the client to check in, and only then will WSUS be aware of the system and its status. And deleting a system from AD doesn't remove it from WSUS.

If you really need server-side tracking and reporting, you'll need an agent-based system with alerts about systems out of compliance. Microsoft's play in that space is SCCM. And there are other 3rd-party solutions. But WSUS won't get there alone.
I tried this not sure is working.

I do not see the computer that is added to the server.

https://www.itprotoday.com/windows-8/deploying-windows-server-update-services-domain-environment-and-using-group-policies
As I said. WSUS is inherently a pull system. No computer will show up in WSUS until that client receives the group policy "and" windows update decides to check it. Which is is allowed to do at its leisure. It can take a day or two before you see systems appear with properly configured group policies. Improperly configured group policies can cause systems to never check in and therefore would never appear in WSUS.
first use rsop or gpresult  and check that your group policy is applied
if yes applied.  from an elevated cmd prompt

wuauclt /resetauthorization /detectnow  
wuauclt /reportnow

Open in new window


you should now see that computer in the unassigned computers or all computers list in WSUS
I recall that those commands no longer work as expected in Win10. But am not in a place to find their replacements at the moment.
they still work on my Windows 10 Enterprise VM's
The commands run without error.  But /detectnow, for certain, no longer *does* anything. Enterprise or otherwise.

https://blogs.technet.microsoft.com/yongrhee/2017/11/09/wuauclt-detectnow-in-windows-10-and-windows-server-2016/
ASKER CERTIFIED SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you!