Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

WSUS Computer Group sync to AD

Status
Not open for further replies.
disturbedone

disturbedone

Vendor
Sep 28, 2006
781
AU
I have a single WSUS server on W2K3. Clients receive a GPO putting them in a particular Computer Group on the WSUS server. They receive the updates correctly.

I've recently cleaned up AD and disabled moved old computers to an OU called 'DECOMMISIONED' and after 2mths I will delete them permanently them. Before you ask, this is just so I can enable the computer objects if I'd accidentally disabled one I shouldn't have.

There are dozens of old computers that no longer exist and therefore haven't contacted the WSUS server in a long time. I'm sure I know the answer but I'll ask and see what others think or have opinions on......do these old computers ever get removed from WSUS? I'm pretty sure they don't ie there's no sync to AD as such. It's a pain to have to manually delete computers from WSUS that are no longer used and are just cluttering up the screen with big red crosses but if that's the way it has to be then I'll just have to do it.

Ideas/thoughts?
 
Sort by date Sort by votes
I do not believe they do. Even when you remove them from AD. It does not appear that the list of computers in WSUS have a firm link to AD because I often delete the computer out of AD and sometimes reuse a name and WSUS only updates some of the info when it is contacted by the computer.

Maybe someone else can answer this more definitivly, but if you mistakenly delete the computer out of WSUS, doesn't it just come back next time it connects?
 
Upvote 0 Downvote
Almost correct but slightly confused ;)

Deleting from WSUS would then be recreated because AD GPO would tell the computer to contact the WSUS server. But my query is regarding deleting from AD and it deleting from WSUS which I don't think is possible. It looks like I have to manually delete from WSUS for anything that hasn't contacted it in X mths.
 
Upvote 0 Downvote
Don't you just run the 'Server Cleanup Wizard' from within the WSUS console, under 'Options'?
I've only got 200 PC's to look after, so its not a major problem for me, so not really used the cleanup wizard - but would make sense that it does stuff like this.

Thanks, Mark
 
Upvote 0 Downvote
@Jack, didn't know that one existed so thanks for that. Unfortunately it's still a manual process. Much the same as what I did the other day and sort computers by last contact, shift-select, and delete. Now if only they could automate this process to run once a wee/once a month or something :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
240
antonio_dsanchez
antonio_dsanchez
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
345
suncit
suncit
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
222
DTGMI
DTGMI
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
151
DrB0b
DrB0b
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
253
microsGuy16
microsGuy16

Part and Inventory Search

Sponsor

Back
Top