analytics

How to synchronize your Active Directory computers with WSUS and Lansweeper

How to synchronize your Active Directory computers with WSUS and Lansweeper

How to synchronize your Active Directory computers with WSUS and Lansweeper

Every system administrator knows it - employees come to or leave the company and the Active Directory has to be meticulously maintained, otherwise nobody knows which computers and users are still needed and which are already out of date, or maybe only in general. If you then think about removing a computer from the Active Directory, the objects often remain in other systems such as WSUS or Lansweeper. The only way to avoid this is by introducing processes - ideally, of course, IT-based processes that take over the removal of the computer objects.

In the Lansweeper you can activate the AD synchronization to avoid the problem. How to deal with the WSUS? What to do if the systems already have differences in the number of computers? Then there is only the way to clean it up. Sure, I can create a report of all systems, but sorting out the computers that are in three different reports is tedious. It would be much better to have all computers in one report for all three systems.

I have written a PowerShell script that does just that for you.

You need that for the PowerShell Script

  • Active Directory Tools installed (RSAT for Directory Services) (Import modules Active Directory)
  • Administrator rights on the WSUS server (both WSUS and downstream server are possible)
  • My OpenSource Tool: API-Lansweeper installed

The PowerShell script explains

The PowerShell Script is divided into three sections. First the Active Directory PowerShell module is loaded to determine all AD computer objects. In the second step, the Lansweeper API (must be installed additionally) is queried and the computer assets are determined. Redundant computers are sorted out in the for loop. Adjust the URL to your API Lansweeper installation here (localhost:85).

In the last step, all WSUS computer objects are queried. Adjust the connection information to your WSUS server here. If you query a downstream server via SSL, you only need to enter the host name. Otherwise check port and SSL ($ True). In the last step, all the information collected is summarized for you and output in a grid. Alternatively, you can also use Export-CSV or Export-Excel (ImportExcel module required).

The Script

#Get-WindowsCapability -Online | ? {$_.Name -like "*RSAT*" -and $_.State -eq "NotPresent"} | Add-WindowsCapability -Online
# Oder:
#DISM /Online /Add-Capability /CapabilityName:Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
#Install-Module ImportExcel

class HostInfo {
    [string]$Hostname
	[string]$LastSync
}

## Get AD Computers
Import-Module ActiveDirectory
$computers = Get-ADComputer -Filter * -Properties * | select DNSHostName, Created, LastLogonDate, OperatingSystem, IPv4Address, Description

## Get Lansweeper Computers
$response = Invoke-WebRequest -Uri "http://localhost:85/api/Values"  # Enter URL for API Lansweeper here
$data = ConvertFrom-Json $([String]::new($response.Content))

$lansweeper_machines = @()
foreach($d in $data) {
    $obj = @([HostInfo]@{Hostname=$d.AssetName})

    $found = $False
    foreach($entry in $lansweeper_machines) {
        if ($entry.Hostname -eq $obj.Hostname) {
            $found = $True
            break;
        }
    }

    if ($found -ne $True) { $lansweeper_machines += $obj  }
}


## Get WSUS Computers
$srv = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("MyWSUS.Domain.Int",$True,8531) # WSUS server. Check SSL and port!
$wsusdata = (Get-WsusComputer -UpdateServer $srv -IncludeDownstreamComputerTargets)
$wsuscomputers = @()

foreach($d in $wsusdata) {
		$comp = $d.FullDomainName.Split('.')[0]
        $obj = @([HostInfo]@{Hostname=$comp;LastSync=$d.LastReportedStatusTime})
    
        $found = $False
        foreach($entry in $wsuscomputers) {
            if ($entry.Hostname -eq $obj.Hostname) {
                $found = $True
                break;
            }
        }
    
        if ($found -ne $True) { $wsuscomputers += $obj  }
    }

class OutputData {
    [string]$Hostname = ""
	[string]$Description = ""
	[string]$OS = ""
    [string]$LastLogon = ""
    [boolean]$isInLansweeper = $False
    [boolean]$isInWSUS = $False
	[string]$LastWsusSync = ""
}

$reportData = @()

foreach($comp in $computers) {
    $isInLansweeper = $False
    $isInWSUS = $False
    $splittedName = $comp.DNSHostName.Split('.')[0].ToLower()

    foreach($lscomp in $lansweeper_machines) {
        if ($splittedName -like $lscomp.Hostname.ToLower()) {
            $isInLansweeper= $True
            break;
        }
    }

    foreach($wsuscomp in $wsuscomputers) {
        if ($splittedName -like $wsuscomp.Hostname.ToLower()) {
            $isInWSUS = $True
			$LastWsusSync = $wsuscomp.LastSync
            break;
        }
    }

    $repobj = @([OutputData]@{Hostname=$splittedName;Description=$comp.Description;OS=$comp.OperatingSystem;LastLogon=$comp.LastLogonDate;isInLansweeper=$isInLansweeper;isInWSUS=$isInWSUS;LastWsusSync=$LastWsusSync})

    $reportData += $repobj
}

$reportData | Out-GridView

#$reportData | Export-Excel

Did you like the post?

Become a Patreon and support my work. As a thank you, you will receive exclusive articles, be listed as a sponsor for all my open source projects (do-follow backlink) and get access to exclusive articles.
Don't fancy Patreon? You can also easily support me if you like this article or share it on social media. Thank you!