We have 3 WSUS replica servers and one central server that the replicas are connected to. From the central server we manage the 3 replicas. All clients are connected only to the replicas.
I am trying to create a PowerShell script that should approve only updates that are required by any server.
My problem is: if I query the "needed" count on the central server, I always get zero patches. This is because no clients are connected to the central server. How do I get this information for the sum of all four (or in practice three) servers?
What I currently have is:
    # Get WSUS Server
    [reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | out-null
    $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer();
    $updateScope = new-object Microsoft.UpdateServices.Administration.UpdateScope;
    $computerScope = new-object Microsoft.UpdateServices.Administration.ComputerTargetScope;

    # Get all available Updates
    $wsusupdates = $wsus.GetUpdates($updateScope)
    $updateTotalCount = $wsus.GetUpdateCount($updateScope)

    foreach($update in $wsusupdates)
    {
        # Get the summary
        $summary = $update.GetSummary($computerscope);
        $neededCount = ($summary.InstalledPendingRebootCount + $summary.NotInstalledCount)

        # Only install, if any server needs the update
        if ($neededCount -gt 0)
        {
            $update.Approve("Install", ($wsus.GetComputerTargetGroups() | Where-Object{$_.Name -eq $aSelectedWsusGroup}))
        }
    }
The key part is the line
    $summary = $update.GetSummary($computerscope);
where I get the information about the updates, including the counts I need for the "is needed" calculation in the line after.
Finally, the question is: how do I include the replica server data in the update summary to figure out whether an update is required?
BTW: I tried to run the script remotely on the replicas from the central WSUS server, but the approve command is not allowed on replica servers.
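
Added example, not part of the original post: one way to make the summary on the central server count replica clients is the `IncludeDownstreamComputerTargets` property of `ComputerTargetScope`. The group name `ExampleGroup` and the `-Apply` switch are hypothetical, and the script assumes the replicas' client status is rolled up to the central server.

```powershell
# Added example: run on the central (upstream) WSUS server.
param(
    [string]$TargetGroupName = 'ExampleGroup',  # hypothetical placeholder group name
    [switch]$Apply                              # without -Apply the script only reports
)

[void][reflection.assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer()

# Resolve the target group once and stop if the name does not match anything,
# so Approve() is never called with an empty group.
$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $TargetGroupName }
if (-not $group) { throw "Computer target group '$TargetGroupName' not found." }

# Count clients of downstream (replica) servers, not only local clients.
$computerScope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope
$computerScope.IncludeDownstreamComputerTargets = $true

# Only look at updates that have no approval yet.
$updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$updateScope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::NotApproved

foreach ($update in $wsus.GetUpdates($updateScope)) {
    if ($update.IsDeclined) { continue }

    # Same "needed" calculation as in the post, now over all downstream clients.
    $summary = $update.GetSummary($computerScope)
    $neededCount = $summary.InstalledPendingRebootCount + $summary.NotInstalledCount
    if ($neededCount -le 0) { continue }

    # Approve() fails while a license agreement is pending; leave those for manual review.
    if ($update.RequiresLicenseAgreementAcceptance) {
        Write-Warning "Skipped (license agreement pending): $($update.Title)"
        continue
    }

    if ($Apply) {
        [void]$update.Approve([Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install, $group)
        Write-Output "Approved ($neededCount needed): $($update.Title)"
    } else {
        Write-Output "Would approve ($neededCount needed): $($update.Title)"
    }
}
```

Running it first without `-Apply` shows whether the needed counts on the central server are now non-zero before any approval is written.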