≡ Menu

Add Computers to WSUS Group Using PowerShell

WSUS is still a good choice for Windows Administrators to deploy patches. This article will demonstrate how to add a Computer account to WSUS Group using PowerShell.

This activity will look cumbersome and time consuming when you want to add large no. of computers to a WSUS Group. The manual procedure involves, searching each computer and right click on it, change group membership and then select the group name that you want to move.

I faced similar situation and wanted to automate it though it is a one time task for me. A quick search in Google led me to basics of managing WSUS using PowerShell written by Boe Prox. I make up a quick script based on this article and able to move computers to new group in no time.

First we need to establish connection to WSUS.

#Connect to WSUS server            
            
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")            
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("localhost",$False)

Once the connection established, we should get a reference to Computer Group to which you want to add computers. The $GroupObj will hold the result.

#Get reference to WSUS Group to which you want to add computer account            
$GroupObj = $wsus.GetComputerTargetGroups() | ? {$_.Name -eq "MyNewGroup"}

Similarly we need to get reference to Computer object that we want to add. The SearchComputerTargets() method allows us to search for computer accounts matching a given name. Note that this method will always return a array even though the search returns a single computer object. That is the reason I have used a for loop to add all results from search operation. If you don’t want to perform add operations if the search results are more than one, then just perform a check on the $CompObj array to see how many items it is containing. If the count is 1, then search operation resulted in finding one computer. Based on this value you can process further.

#Search for the computer account that you want to add            
$CompObj = $wsus.SearchComputerTargets("Server01")            
            
#Add computer to the WSUS Group            
foreach($Comp in $COmpObj) {            
    $GroupObj.AddComputerTarget($Comp)            
}            

You won’t see a error message at the end of addition if successful.

Windows 8.1 and Windows Server 2012 R2 has a built PowerShell module for managing WSUS which you may want to take a look.

Comments on this entry are closed.

  • Rapp February 15, 2016, 3:05 am

    How would I edit this so that I can use wildcards for the computer names? eg *laptop*

    • Wintel Rocks February 24, 2016, 8:23 pm

      The WSUS method doesn’t accept wildcards. You need to give the exact computer name. Alternative is to create a list of computers you want add and call the function through foreach loop.

  • Tom September 2, 2019, 8:04 pm

    In the following line:

    $GroupObj = $wsus.GetComputerTargetGroups() | ? {$_.Name -eq “MyNewGroup”}

    How do you represent a nested target group name such as companies\company_a\group1 etc? Would you delimit the groups with slashes or commas etc?

    • Wintel Rocks October 7, 2019, 5:06 pm

      Depends on the nested group is displayed with the below command.
      $wsus.GetComputerTargetGroups()