we are slowing moving every machine to SCCM patching lately, and I have to move 100 machines each week, so I created this automated powershell script to run weekly.
1.My first script is to move machines to a new OU with SCCM as the WSUS server :
$pcs = Get-Content “C:\\Patching\1.txt”
foreach($pc in $pcs) {
get-adcomputer $pc | Move-ADObject -TargetPath ‘OU=SCCM Testing,OU=Laptop,OU=Employee,OU=User-Computers,DC=xxx,DC=xxx,DC=xxx’
}
2.And once they are moved, I create a new collection for them and add them to this new collection.
# Add computer list from txt file to new collection
# Ray Qiu
# 3/20/2017Import-Module $env:SMS_ADMIN_UI_PATH.Replace(“\bin\i386″,”\bin\configurationmanager.psd1”)
$SiteCode = Get-PSDrive -PSProvider CMSITE
Set-Location “$($SiteCode.Name):\”$newcollection = ’04’
#Step 2
New-CMDeviceCollection -Name $newcollection -LimitingCollectionName ‘All Systems’#Step 3
$Collection = Get-CMDeviceCollection -Name $newcollection#Step 4
Move-CMObject -InputObject $Collection -FolderPath ‘XXX:\DeviceCollection\Patching List’#Step 5
$pcs = Get-Content “C:\Users\xxx\Patching\1.txt”
Foreach ($pc in $pcs){
$resource =[INT](Get-CMDevice -name $pc).ResourceID
echo $pc
echo $resource
$resource.GetType().FullName
Add-CMDeviceCollectionDirectMembershipRule -CollectionName $newcollection -ResourceId $resource}
3. Now I deploy update for these new machines, first week they get the windows 7 baseline patching, and second week they get the latest monthly patching:
# Deploy Updates
# Ray Qiu
# 3/20/2017# Change SUPGroupName to match the name of the Software Update Group that you wish to deploy
$SUPGroupName = “Windows 7 Baseline”
$SUPGroupName2 = “Workstation Monthly”
$CollName = “02”#Load Configuration Manager PowerShell Module
Import-module ($Env:SMS_ADMIN_UI_PATH.Substring(0,$Env:SMS_ADMIN_UI_PATH.Length-5) + ‘\ConfigurationManager.psd1’)#Get SiteCode and set Powershell Drive
$SiteCode = Get-PSDrive -PSProvider CMSITE
Set-location $SiteCode”:”# Create Deployments
Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName “$SUPGroupName” -CollectionName “$CollName” -DeploymentName “$SUPGroupName-$CollName” -DeploymentType Required -VerbosityLevel OnlySuccessandErrorMessages -TimeBasedOn LocalTime -DeploymentAvailableDay (Get-Date).AddDays(1) -EnforcementDeadlineDay (Get-Date).AddDays(1) -UserNotification DisplayAll -SoftwareInstallation $True -AllowRestart $True -RestartServer $True -RestartWorkstation $False -ProtectedType RemoteDistributionPoint -UnprotectedType UnprotectedDistributionPoint -GenerateSuccessAlert $False -DisableOperationsManagerAlert $False -GenerateOperationsManagerAlert $False -PersistOnWriteFilterDevice $False -UseBranchCache $False
Start-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName “$SUPGroupName2” -CollectionName “$CollName” -DeploymentName “$SUPGroupName2-$CollName” -DeploymentType Required -VerbosityLevel OnlySuccessandErrorMessages -TimeBasedOn LocalTime -DeploymentAvailableDay (Get-Date).AddDays(7) -EnforcementDeadlineDay (Get-Date).AddDays(7) -UserNotification DisplayAll -SoftwareInstallation $True -AllowRestart $True -RestartServer $True -RestartWorkstation $False -ProtectedType RemoteDistributionPoint -UnprotectedType UnprotectedDistributionPoint -GenerateSuccessAlert $False -DisableOperationsManagerAlert $False -GenerateOperationsManagerAlert $False -PersistOnWriteFilterDevice $False -UseBranchCache $False