WSUS Computer Group Management
-
Friday, December 07, 2012 2:59 PM
Hi Folks
Please help me with a question.
I have installed a New WSUS server. Migrated the Database and the patch approvals, Created the Computer Groups then repointed the clients to the new server. This so far has worked fine.
New Clients have reported in and are appearing in Unassigned Computers.
My question is this - Is there any way that I can move by bulk the computers into the correct computer groups on the new server? I have various groups in the old server that contain certain machines. There is not any way to differentiate these from other computers in the list.
To simplify the question, basically I need a way that I can search for a selection of computers from the Unassigned Computers group then move them by bulk to their appropriate group.
I have over 5000 computers so doing them one by one is not an attractive option.
All Replies
-
Friday, December 07, 2012 3:53 PM
If you have that many computers, you really should be using the "Use Group Policy or registry settings on computers" option.
Your 5000 computers are in more than one group in Active Directory, right?
- Marked As Answer by Clarence Zhang (Moderator) Monday, December 17, 2012 2:34 AM
-
Friday, December 07, 2012 4:13 PM
Yep, they are in different OUs in AD. Unfortunately the project scope was to move the service "as is" so I don't have the resource allocation to do GPO changes to allocate the groups that way. It's on my list of recommendations for future deployments, though.
-
Friday, December 07, 2012 6:29 PM
Hi Folks
Please help me with a question.
I have installed a New WSUS server. Migrated the Database and the patch approvals, Created the Computer Groups then repointed the clients to the new server. This so far has worked fine.
New Clients have reported in and are appearing in Unassigned Computers.
My question is this - Is there any way that I can move by bulk the computers into the correct computer groups on the new server? I have various groups in the old server that contain certain machines. There is not any way to differentiate these from other computers in the list.
To simplify the question, basically I need a way that I can search for a selection of computers from the Unassigned Computers group then move them by bulk to their appropriate group.
I have over 5000 computers so doing them one by one is not an attractive option.
Since you have opted for the server-side targeting option, you will need to choose the computers manually and then move them to a group. You should be able to select multiple computers and then choose move to a group via the WSUS interface.
The other option is to use client-side targeting as suggested via GPO.
Here is some documentation on the differences between server-side targeting and client-side targeting.
Create the Computer Groups
Hope this helps.
- Marked As Answer by Clarence Zhang (Moderator) Monday, December 17, 2012 2:34 AM
-
Tuesday, December 11, 2012 2:38 PM
Moderator
My question is this - Is there any way that I can move by bulk the computers into the correct computer groups on the new server? I have various groups in the old server that contain certain machines. There is not any way to differentiate these from other computers in the list.
To simplify the question, basically I need a way that I can search for a selection of computers from the Unassigned Computers group then move them by bulk to their appropriate group.
First, Pepperdot's point that for an org of 5000 clients, yes you really should be using policy-based target group assignments.
Second, it may not be necessary to reorg your AD/OU structure -- and frankly, you shouldn't! The question becomes, how complicated do you want your WSUS Target Group structure to be? At its minimum, the purpose of target groups is to approve updates. Generally update approvals are driven by two factors: IF ... and ... WHEN. So you really only need groups to separate machines based on whether they will, or will not, get certain updates (e.g. a group for Server Core machines can be very useful), and groups based on when they get updates (the classic example here is the division between test, pilot, and production systems).
There are ways using GPO Security Filtering to achieve the assignments you need, but that may not be simple either.
Finally, to your original question ... yes, there is a tool available that can allow you to change these target group memberships offline, not necessarily in bulk, though. SolarWinds has a free WSUS utility, actually designed for a different purpose, but will work for this as well. The WSUSComputerMigrator tool was designed to export a list of groups and member computers from a source server using server-side targeting, and import them into a destination server replicated from the source server.
It can also be used to export, manipulate, and import groups and computers from the same WSUS server. It exports an XML file, by client, with the group membership for each client listed as a subelement. You can copy and paste the correct group element string into each computer that needs to be in that group, and then reimport the file. You can also do this in several stages, so you have the ability to test and verify your work, or even to prioritize which computers get assigned today vs which get assigned tomorrow.
The bad news is that this is a manual copy/paste activity in a text editor (or perhaps if you have an advanced XML editor of choice), so it won't be easy, or fast, but it might be a heck of a lot faster than moving computers one-at-a-time into their appropriate groups using the console.
Only if you opt not to use policy-based group assignment - which is the best option, actually.
Lawrence Garvin, M.S., MCITP:EA, MCDBA, MCSA
SolarWinds Head Geek
Microsoft MVP - Software Distribution (2005-2012)
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
- Marked As Answer by Clarence Zhang (Moderator) Monday, December 17, 2012 2:34 AM
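
A scripted alternative to the manual moves discussed in this thread, added here as an example and not posted by any participant: it copies server-side target group membership from the old WSUS server to same-named groups on the new one through the WSUS administration API. It assumes the old server is still reachable, both servers run the same WSUS version, and the script runs on a machine with the WSUS administration console installed; the server names and port are placeholders.

```powershell
# Added example: replay old-server group membership on the new WSUS server.
param(
    [string]$OldServer = 'OLD-WSUS.example.local',   # placeholder name
    [string]$NewServer = 'NEW-WSUS.example.local',   # placeholder name
    [int]$Port = 8530,
    [switch]$Apply   # without -Apply the script only reports what it would do
)

[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$proxy = [Microsoft.UpdateServices.Administration.AdminProxy]
$old = $proxy::GetUpdateServer($OldServer, $false, $Port)
$new = $proxy::GetUpdateServer($NewServer, $false, $Port)

# Built-in groups are skipped: every client is in "All Computers", and
# unmatched clients should simply stay in "Unassigned Computers".
$skip = 'All Computers', 'Unassigned Computers'

# Index the groups already created on the new server by name.
$newGroups = @{}
foreach ($g in $new.GetComputerTargetGroups()) { $newGroups[$g.Name] = $g }

foreach ($oldGroup in $old.GetComputerTargetGroups()) {
    if ($skip -contains $oldGroup.Name) { continue }
    $target = $newGroups[$oldGroup.Name]
    if (-not $target) {
        Write-Warning "Group '$($oldGroup.Name)' not found on $NewServer; skipped"
        continue
    }
    foreach ($pc in $oldGroup.GetComputerTargets()) {
        $name = $pc.FullDomainName
        try {
            # Throws if the client has not yet reported to the new server.
            $newPc = $new.GetComputerTargetByName($name)
            if ($Apply) { $target.AddComputerTarget($newPc) }
            $mode = if ($Apply) { 'assigned' } else { 'dry run' }
            "{0} -> {1} ({2})" -f $name, $target.Name, $mode
        } catch {
            Write-Warning "$name not assigned: $($_.Exception.Message)"
        }
    }
}
```

Run it first without `-Apply` and review the output; clients listed in the warnings have not yet registered with the new server and can be picked up by a later run.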

