Powershell 可以借助邮件通知定期报告WSUS 客户端与WSUS 服务器端的同步状态, 来为管理员提供参考数据, 判断客户端是否需要从WSUS 服务器端清除
#region Check all group clients last sync time, report long time not sync to WSUS
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") #void Admin permission
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($wsusFQDN,$true,8531)
$wsusgroups = $wsus.GetComputerTargetGroups() |?{$_.Name -ne 'All Computers'} |select Name |sort Name
$exceptlist = @()
foreach($wgroup in $wsusgroups.Name)
{
$groupcount = Get-WsusComputer -UpdateServer $wsusserver -ComputerTargetGroups $wgroup
if($groupcount -match 'No computers available.')
{
continue
}
else
{
$clients = Get-WsusComputer -UpdateServer $wsusserver -ComputerTargetGroups $wgroup |select FullDomainName,IPAddress,OSDescription,ComputerRole,LastSyncTime,LastSyncResult,LastReportedStatusTime
foreach($client in $clients)
{
$lastsync = $client.LastSyncTime
$clientname = $client.FullDomainName
$clientipaddress = $client.IPAddress
if(($today - $lastsync).days -gt 3) # If client sync with WSUS server greater than 3 days will be report
{
$filtercmdb = $serverlist |?{$_.FQDN -eq $clientname -and $_.PrimaryIP -eq $clientipaddress}
if($filtercmdb -eq $null) # If wsus client not in CMDB, will delete from WSUS database
{
$filteroutserver = $wsus.SearchComputerTargets($clientname)
$filteroutserver[0].Delete()
}
else
{
$client |Add-Member -MemberType NoteProperty -Name GroupName -Value $wgroup -Force
$exceptlist += $client
}
}
}
}
}
$reportexcept = $exceptlist |select GroupName,FullDomainName,IPAddress,OSDescription,ComputerRole,LastSyncTime,LastSyncResult,LastReportedStatusTime
if($reportexcept.count -gt 0)
{
#custom send mail
}
