Integrating WSUS to Active Directory

Hello Experts,

I need some help integrating a WSUS server to an Active Directory organization.

The WSUS server needs to know the systems it needs to update.

How do I do that?
marceloNYCMiddle-Tier AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andy MIT Systems ManagerCommented:
You'd apply a group policy to the PC's so they communicate back to your WSUS server. They should then appear automatically and you can make amendments accordingly from there.
marceloNYCMiddle-Tier AdministratorAuthor Commented:
OKay, I m going to try it now... I 'll update you soon
Cliff GaliherCommented:
Ultimately WSUS is still a back end for windows uodate. Which is inherently a "pull" uodate system. You can't force WSUS to "know" which systems it need to update. Even with ient-side targeting, it is up to the client to check in, and only then will WSUS be aware of the system and its status. And deleting a system from AD doesn't remove it from WSUS.

If you really need server-side tracking and reporting, you'll need an agent-based system with alerts about systems out of compliance. Microsoft's play in that space is SCCM. And there are other 3rd-party solutions. But WSUS won't get there alone.
Ensure Business Longevity with As-A-Service

Using the as-a-service approach for your business model allows you to grow your revenue stream with new practice areas, without forcing you to part ways with existing clients just because they don’t fit the mold of your new service offerings.

marceloNYCMiddle-Tier AdministratorAuthor Commented:
I tried this not sure is working.

I do not see the computer that is added to the server.
Cliff GaliherCommented:
As I said. WSUS is inherently a pull system. No computer will show up in WSUS until that client receives the group policy "and" windows update decides to check it. Which is is allowed to do at its leisure. It can take a day or two before you see systems appear with properly configured group policies. Improperly configured group policies can cause systems to never check in and therefore would never appear in WSUS.
David Johnson, CD, MVPRetiredCommented:
first use rsop or gpresult  and check that your group policy is applied
if yes applied.  from an elevated cmd prompt

wuauclt /resetauthorization /detectnow  
wuauclt /reportnow

Open in new window

you should now see that computer in the unassigned computers or all computers list in WSUS
Cliff GaliherCommented:
I recall that those commands no longer work as expected in Win10. But am not in a place to find their replacements at the moment.
David Johnson, CD, MVPRetiredCommented:
they still work on my Windows 10 Enterprise VM's
Cliff GaliherCommented:
The commands run without error.  But /detectnow, for certain, no longer *does* anything. Enterprise or otherwise.
David Johnson, CD, MVPRetiredCommented:
Thanks Cliff I didn't know it was replaced by
UsoClient.exe startscan

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
marceloNYCMiddle-Tier AdministratorAuthor Commented:
Thank you!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.