It's very easy to make assumptions. One assumption I seem to make frequently is that all of the domain controllers in a forest are at the same patch level. If you have ever talked to someone from MS, usually the first thing they will have you do is install multiple patches related to files of the component that is having issues. This usually gets done on the server having the issue at the time, and rarely is there follow-up by the admin to get those files pushed out to the rest of the servers. This can cause problems: it puts the environment at risk and could cause instability. Here is an extremely easy way to pull information about patches installed on all your domain controllers.
$default_log = $env:userprofile + '\Documents\report_dc_installed_Hotfixes.csv'
In large environments, this could take a few moments to run.
After it is complete, open the file and look at the results to make sure it gathered data.
Open it in Excel and perform some pivot magic.
Set up the pivot chart fields to look like this
A pretty graph showing hotfix counts for each DC
Now let's change the view to show what patches are missing from each machine. Change the field lists on the right to look like this and move the graph out of the way.
The table should look like this now.
Sort the Grand Total column to ascending.
This table provides a nice view of the patches not installed on Domain Controllers.
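The script itself survives on this page only as the `$default_log` line above, so the following is an added example, not the author's script. It collects hotfixes from every DC in the forest into that CSV and also writes the missing-patch view from the pivot table to a second file. Assumptions: the `$gap_log` variable and its file name are invented here, the ActiveDirectory module is installed, and the account can query each DC remotely.

```powershell
# Added example, not the author's script.
Import-Module ActiveDirectory

$default_log = $env:userprofile + '\Documents\report_dc_installed_Hotfixes.csv'
$gap_log     = $env:userprofile + '\Documents\report_dc_missing_Hotfixes.csv'  # assumed name

# Every domain controller in every domain of the forest.
$dcs = foreach ($domain in (Get-ADForest).Domains) {
    Get-ADDomainController -Filter * -Server $domain |
        Select-Object -ExpandProperty HostName
}

$unreachable = @()
$rows = foreach ($dc in $dcs) {
    try {
        Get-HotFix -ComputerName $dc -ErrorAction Stop |
            Select-Object @{n='DomainController';e={$dc}}, HotFixID, Description, InstalledOn
    } catch {
        # A DC that cannot be queried must not be reported as a DC with no patches.
        $unreachable += $dc
        Write-Warning "Could not query ${dc}: $($_.Exception.Message)"
    }
}
$rows | Export-Csv -Path $default_log -NoTypeInformation

# Same view as the pivot table: hotfixes seen on at least one DC but absent on another.
$queried = $dcs | Where-Object { $unreachable -notcontains $_ }
$allIds  = $rows | Select-Object -ExpandProperty HotFixID -Unique
$gaps = foreach ($dc in $queried) {
    $have = $rows | Where-Object { $_.DomainController -eq $dc } |
        Select-Object -ExpandProperty HotFixID
    foreach ($id in $allIds) {
        if ($have -notcontains $id) {
            [pscustomobject]@{ DomainController = $dc; MissingHotFixID = $id }
        }
    }
}
$gaps | Sort-Object DomainController, MissingHotFixID |
    Export-Csv -Path $gap_log -NoTypeInformation
```

`Get-HotFix` reads `Win32_QuickFixEngineering`, which only reports updates installed through Component Based Servicing, so the CSV is not a complete inventory of everything installed. Compare gaps between DCs on the same OS version, since different Windows releases receive different KB numbers.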
Most PowerShell cmdlets I am using can be found all over the web. My goal is to show you different ways to view the data and report on it. Excel and its built-in free BI capability is an underutilized tool that really helps analyze huge amounts of data in minimal time. I hope this blog helps.
Download the Code – Technet Script Gallery