Integrating WSUS to Active Directory

marceloNYC
marceloNYC used Ask the Experts™
on
Hello Experts,

I need some help integrating a WSUS server to an Active Directory organization.

The WSUS server needs to know the systems it needs to update.

How do I do that?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Andy MIT Systems Manager

Commented:
You'd apply a group policy to the PC's so they communicate back to your WSUS server. They should then appear automatically and you can make amendments accordingly from there.

https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates
marceloNYCMiddle-Tier Administrator

Author

Commented:
OKay, I m going to try it now... I 'll update you soon
Distinguished Expert 2018

Commented:
Ultimately WSUS is still a back end for windows uodate. Which is inherently a "pull" uodate system. You can't force WSUS to "know" which systems it need to update. Even with ient-side targeting, it is up to the client to check in, and only then will WSUS be aware of the system and its status. And deleting a system from AD doesn't remove it from WSUS.

If you really need server-side tracking and reporting, you'll need an agent-based system with alerts about systems out of compliance. Microsoft's play in that space is SCCM. And there are other 3rd-party solutions. But WSUS won't get there alone.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

marceloNYCMiddle-Tier Administrator

Author

Commented:
I tried this not sure is working.

I do not see the computer that is added to the server.

https://www.itprotoday.com/windows-8/deploying-windows-server-update-services-domain-environment-and-using-group-policies
Distinguished Expert 2018

Commented:
As I said. WSUS is inherently a pull system. No computer will show up in WSUS until that client receives the group policy "and" windows update decides to check it. Which is is allowed to do at its leisure. It can take a day or two before you see systems appear with properly configured group policies. Improperly configured group policies can cause systems to never check in and therefore would never appear in WSUS.
Top Expert 2016

Commented:
first use rsop or gpresult  and check that your group policy is applied
if yes applied.  from an elevated cmd prompt

wuauclt /resetauthorization /detectnow  
wuauclt /reportnow

Open in new window


you should now see that computer in the unassigned computers or all computers list in WSUS
Distinguished Expert 2018

Commented:
I recall that those commands no longer work as expected in Win10. But am not in a place to find their replacements at the moment.
Top Expert 2016

Commented:
they still work on my Windows 10 Enterprise VM's
Distinguished Expert 2018

Commented:
The commands run without error.  But /detectnow, for certain, no longer *does* anything. Enterprise or otherwise.

https://blogs.technet.microsoft.com/yongrhee/2017/11/09/wuauclt-detectnow-in-windows-10-and-windows-server-2016/
Top Expert 2016
Commented:
Thanks Cliff I didn't know it was replaced by
UsoClient.exe startscan

Open in new window

marceloNYCMiddle-Tier Administrator

Author

Commented:
Thank you!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial