Avatar of marceloNYC
marceloNYC
Flag for United States of America asked on

Integrating WSUS to Active Directory

Hello Experts,

I need some help integrating a WSUS server to an Active Directory organization.

The WSUS server needs to know the systems it needs to update.

How do I do that?
WSUSActive Directory

Avatar of undefined
Last Comment
marceloNYC

8/22/2022 - Mon
Andy M

You'd apply a group policy to the PC's so they communicate back to your WSUS server. They should then appear automatically and you can make amendments accordingly from there.

https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates
marceloNYC

ASKER
OKay, I m going to try it now... I 'll update you soon
Cliff Galiher

Ultimately WSUS is still a back end for windows uodate. Which is inherently a "pull" uodate system. You can't force WSUS to "know" which systems it need to update. Even with ient-side targeting, it is up to the client to check in, and only then will WSUS be aware of the system and its status. And deleting a system from AD doesn't remove it from WSUS.

If you really need server-side tracking and reporting, you'll need an agent-based system with alerts about systems out of compliance. Microsoft's play in that space is SCCM. And there are other 3rd-party solutions. But WSUS won't get there alone.
Your help has saved me hundreds of hours of internet surfing.
fblack61
marceloNYC

ASKER
I tried this not sure is working.

I do not see the computer that is added to the server.

https://www.itprotoday.com/windows-8/deploying-windows-server-update-services-domain-environment-and-using-group-policies
Cliff Galiher

As I said. WSUS is inherently a pull system. No computer will show up in WSUS until that client receives the group policy "and" windows update decides to check it. Which is is allowed to do at its leisure. It can take a day or two before you see systems appear with properly configured group policies. Improperly configured group policies can cause systems to never check in and therefore would never appear in WSUS.
David Johnson, CD

first use rsop or gpresult  and check that your group policy is applied
if yes applied.  from an elevated cmd prompt

wuauclt /resetauthorization /detectnow  
wuauclt /reportnow

Open in new window


you should now see that computer in the unassigned computers or all computers list in WSUS
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Cliff Galiher

I recall that those commands no longer work as expected in Win10. But am not in a place to find their replacements at the moment.
David Johnson, CD

they still work on my Windows 10 Enterprise VM's
Cliff Galiher

The commands run without error.  But /detectnow, for certain, no longer *does* anything. Enterprise or otherwise.

https://blogs.technet.microsoft.com/yongrhee/2017/11/09/wuauclt-detectnow-in-windows-10-and-windows-server-2016/
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
ASKER CERTIFIED SOLUTION
David Johnson, CD

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
marceloNYC

ASKER
Thank you!