≡ Menu

Find list of computers(targets) in a WSUS group using PowerShell

In this post, I will demonstrate how to query the list of computers in a WSUS group using PowerShell.


We all know that WSUS is a patching tool and we can create custom groups inside it to manage the approvals and to do better organization. When you have a various groups in WSUS console, how do you know the list of computers currently members of a given WSUS group. The PowerShell script described in this article will help you in querying this information.

Connect to WSUS server

First of all, we need to connect to the WSUS server from which you want to query the group information. The below code will help you to connect to a WSUS server and $wsus stores the reference information of that.

$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("SRVWSUS1",$False)

List all WSUS groups

Once connected to the server, we need to find out what all groups available in that particular WSUS server. This can be done by calling GetComputerTargetGroups() method.


Get the WSUS group you want

After you decide on the group that you want to query, just filter the output of the above command. For example, if the group that I am interested in is “America Computers”, then I can use something like to get the group I need.

$mygroup = $wsus.GetComputerTargetGroups() | ? {$_.Name -eq "America Computers"}

List members of WSUS group

Once the group reference object is available, its matter of calling querying the member names (aka targets) of this group by invoking the method GetComputerTargets(). The output will contain list of computer objects along with other properties like last sync time, last reported time, etc. The below command will return all target computers FQDNs.

$mygroup.GetComputerTargets() | select FullDomainName

Hope this helps and happy learning.

Comments on this entry are closed.

  • Raj October 22, 2014, 7:06 pm

    This was very helpful article does the trick.

  • Andrew Thomas October 12, 2015, 7:29 am

    Great article

    If you get the following error when trying to connect to the WSUS server:
    Exception calling “GetUpdateServer” with “2” argument(s): “The request failed with HTTP status 404: Not Found.”
    You may need to specify the port that WSUS is using. To do this, use the third parameter in the connection string such as:
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer(‘WSUS-Server’,$False,8530)

    • TechiBee October 12, 2015, 8:53 pm

      Thanks for sharing it.

    • Skylab May 23, 2017, 12:10 pm

      This worked fine for me.

  • Ram March 5, 2016, 9:54 pm

    Can we get the list of kb article available in the WSUS for update and superceded article of each KB?

    • Wintel Rocks March 23, 2016, 11:02 pm

      Haven’t tried it before. Will let you know if I come across any

  • Ram March 5, 2016, 9:56 pm

    I need superseded kb article information please mail me on Bhawanraj@gmail.com

  • Thiru March 16, 2016, 11:38 am

    You can also try
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()

    This works when you’re running the script/command in the server itself.

  • Joe June 5, 2017, 4:09 am

    Everything works fine as far as listing all of the groups in WSUS. But when I add the last lines to list the members of the selected group, I don’t get anything returned. Just blank lines. Any idea what I am doing wrong ?

  • Joe June 5, 2017, 4:15 am

    I modified the script to dump all of the computers from every group in WSUS

    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer(“drfvjmscwsusp01”,$False)
    $wsus.GetComputerTargets() | select FullDomainName

  • Joe July 17, 2017, 1:52 am

    Well, It turns out that I really do need to export the computers by group… so I run this code and it gives me the entire list of servers – not just the ones in the specified group…. any idea where I’m going wrong?

    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer(“drfvjmscwsusp01”,$False)
    $wsus.GetComputerTargets() | select FullDomainName
    $mygroup = $wsus.GetComputerTargetGroups() | ? {$_.Name -eq “Prod DMZ Servers”}
    $mygroup.GetComputerTargets() | select FullDomainName

  • Joe July 17, 2017, 6:35 am

    OK, I got it working. Same code, except I think the name is case sensitive.

    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer(“drfvjmscwsusp01”,$False)
    $mygroup = $wsus.GetComputerTargetGroups() | ? {$_.Name -eq “PROD DMZ Servers”}
    $mygroup.GetComputerTargets() | select FullDomainName

  • Joe July 17, 2017, 6:43 am

    My bad – I believe I had an extra line of code.

  • Dave January 3, 2018, 11:14 am

    ($wsus.GetComputerTargetGroups() | where {$_.Name -eq “All Computers”}).getcomputertargets()

    returns values of only one of the Sub-Child Groups. Inshort this does not seem to show all computers.

    Neither does $wsus.getcomputertargets()

    Both these results are same, but does not show all the client computers that i see in the WSUS MMC.

    Any ideas?

    • Wintel Rocks January 20, 2018, 6:49 pm

      I remember this is something to do with querying downstream WSUS servers vs root WSUS servers.

  • bastien April 25, 2018, 8:14 pm

    Hi !
    I work for my company to remove with a powershell script only one PC with his name from wsus server. But, I have searched since 8:00 pm but I did not found any solution

    Can you help me ?

  • Mark Plaga August 22, 2019, 6:45 pm

    I believe this is what everyone was looking for. This scripts list all the groups, counts the members and lists the members.

    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()
    foreach( $group in $wsus.GetComputerTargetGroups() )
    Write-Host “Group: ” $group.Name ” – ” $group.GetComputerTargets().Count ” member(s)”
    $group.GetComputerTargets()|select FullDomainName

    Please let me know if this works for you. I’m not an expert at powershell but I needed this functionality so I spent 10 mins figuring it out.

  • Reginald Robinson III May 1, 2020, 9:49 pm

    All of this helped me. I am contributing what I did for my specific need. I wanted to see all of the servers by group in table format, also outputted to a file named for the group.
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer()

    foreach( $group in $wsus.GetComputerTargetGroups() )
    # Write-Host “Group: ” $group.Name ” – ” $group.GetComputerTargets().Count ” member(s)”
    $group.GetComputerTargets() | select RequestedTargetGroupName, FullDomainName | Sort-Object RequestedTargetGroupName | Format-Table -GroupBy RequestedTargetGroupName