One-Liner: Domain Controller Patch Levels

Before performing work against your Active Directoy, it's prudent to complete a few checks, e.g. is replication healthy, are my FSMOs up, do I have up-to-date, verified backups etc?

Here's a one-liner to give you a view of whether your patch levels are consistent:

Get-ADDomainController -Filter * | ForEach-Object {

$HotFixes = (Get-HotFix -ComputerName $_.Name).Count

Write-Host "$($_.Name): $($_.OperatingSystem) : $HotFixes HotFixes"



Remember, this is only a view, a starting point for further analysis...

"...One foot in sea, and one on shore,
To one thing constant never..."


Comments (6)
  1. @Turbomcp: thanks for making the one-liner v2-friendly. All of my examples are written in v4 BTW.

    1 hotfix?! 😉

  2. turbomcp says:

    great stuff

  3. turbomcp says:

    when I run it I see $hotfixes is blanked
    although I when I run it without .count I see there is one hotfix

  4. turbomcp says:

    maybe like this:
    Import-Module activedirectory
    Get-ADDomainController -Filter * | ForEach-Object {

    $HotFixes = ((Get-HotFix -ComputerName $_.Name)|measure).count

    Write-Host "$($_.Name): $($_.OperatingSystem) : $($HotFixes) HotFixes"


  5. turbomcp says:

    yeah I thought that was the cause so I ran it on my 2012 r2 and got same thing
    yeah its 1 hotfix:) some image I use no patches:) for testing
    Thanks, I always enjoy and learn something new

  6. Naytaris says:

    Very useful, thanks.

Comments are closed.

Skip to main content