If you manage a Windows Server Update Services (WSUS) server, you probably run the Server Cleanup Wizard every once and a while. It removes old and superseded updates and computers that haven’t reported their status for more than 30 days. Wouldn’t it be nice to schedule such a cleanup to run every month? Too bad there’s no command line tool I know of that can help you out with this. Powershell to the rescue!
Powershell can not only run the built-in commandlets or even those added by snapins. It can leverage the full power of the .NET Framework. Browse the MSDN Library if you want to find more cool things you can do with it. Here’s a script that uses this information to run the cleanup wizard:

#Region VARIABLES
 
# WSUS Connection Parameters:
[String]$updateServer = "myWSUSServer.domain.local"
[Boolean]$useSecureConnection = $False
[Int32]$portNumber = 80
 
# Cleanup Parameters:
# Decline updates that have not been approved for 30 days or more, are not currently needed by any clients, and are superseded by an aproved update.
[Boolean]$supersededUpdates = $True
# Decline updates that aren't approved and have been expired my Microsoft.
[Boolean]$expiredUpdates = $True
# Delete updates that are expired and have not been approved for 30 days or more.
[Boolean]$obsoleteUpdates = $True
# Delete older update revisions that have not been approved for 30 days or more.
[Boolean]$compressUpdates = $True
# Delete computers that have not contacted the server in 30 days or more.
[Boolean]$obsoleteComputers = $True
# Delete update files that aren't needed by updates or downstream servers.
[Boolean]$unneededContentFiles = $True
 
#EndRegion VARIABLES
 
#Region SCRIPT
 
# Load .NET assembly
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
 
# Connect to WSUS Server
$Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer($updateServer,$useSecureConnection,$portNumber)
 
# Perform Cleanup
$CleanupManager = $Wsus.GetCleanupManager()
$CleanupScope = New-Object Microsoft.UpdateServices.Administration.CleanupScope($supersededUpdates,$expiredUpdates,$obsoleteUpdates,$compressUpdates,$obsoleteComputers,$unneededContentFiles)
$CleanupManager.PerformCleanup($CleanupScope)
 
#EndRegion SCRIPT

Download it here: Cleanup-Wsus (rename to .ps1)

Happy scheduling!

Hugo

»crosslinked«

Tagged with:
 

23 Responses to WSUS Cleanup with Powershell

  1. Miguel says:

    Thanks Hugo, I was looking for such script! I have a big hierarchy of WSUS replicas and it’s very messy having to do the clean manually, sever by server.

    I will give it a try!

    Cheers,
    Miguel

  2. admin says:

    @Miguel
    Hi Miguel,

    Thanks for the comment. Glad you like it!
    More tomorrow.
    Hugo

  3. Craig says:

    Receiving error:

    Unable to find type [Microsoft.UpdateServices.Administration.AdminProxy]: make sure that the assembly containing this type is loaded.
    At line:1 char:61
    + $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]: <<<< :getUpdateServer($updateServer,$useSecureConnectio
    n,$portNumber)

    any ideaS?

  4. Kevin says:

    Please can you help?
    I have the port set to 443 is that problem below?
    Kevin

    Exception calling “GetUpdateServer” with “3” argument(s): “The underlying connection was closed: An unexpected error oc
    curred on a receive.”
    At C:\Scripts\Scripts\cleanup-wsus.ps1:30 char:78
    + $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer( <<<< $updateServer,$useSecureConnectio
    n,$portNumber)
    You cannot call a method on a null-valued expression.
    At C:\Scripts\Scripts\cleanup-wsus.ps1:33 char:42
    + $CleanupManager = $Wsus.GetCleanupManager( <<<< )
    You cannot call a method on a null-valued expression.
    At C:\Scripts\Scripts\cleanup-wsus.ps1:35 char:31
    + $CleanupManager.PerformCleanup( <<<< $CleanupScope)

  5. Danny says:

    Should you use this script and encounter the following error:
    Exception calling “GetUpdateServer” with “3” argument(s): “The request failed with HTTP status 407: Proxy Authentication Required.”

    Try running the script locally on your WSUS server, and change line 4 to (instead of using the FQDN):
    [String]$updateServer = “localhost”

  6. Anil Aliyan says:

    I am using WSUS 3 SP2 and from powershell i get the following error.

    New-Object : Cannot find an overload for “.ctor” and
    At C:cleanup-wsus.ps1:27 char:27
    + $CleanupScope = New-Object <<<< Microsoft.UpdateSe
    tes)
    Exception calling "PerformCleanup" with "1" argument(
    Parameter name: cleanupScope"
    At C:cleanup-wsus.ps1:28 char:31
    + $CleanupManager.PerformCleanup( <<<< $CleanupScope)

    • admin says:

      Anil,

      Make sure the assembly loads OK, by temporarily removing the [void] and watch for errors.
      Also, make sure there are no characters missing or added due to copying the script from my site. Retype it if you need.
      Hope that helps.
      Hugo

  7. Bean says:

    How can you add logging and allow results of the cleanup to output to a log file?

    • admin says:

      Hi Bean,
      The cleanup method dos not return anything when successful. So there’s not much to log.
      Error handling is a field I’m not too familiar with. Try looking up some information about Powershell error handling on the web.
      Greetings,
      Hugo

  8. bilal says:

    hai, thnx for the script. i think i works good because no errors, but syncronisations ar not cleaned up.

  9. Mikael says:

    I do love the possibility of automating this.
    Although I have one problem. I get timeouts running the script. Is there a way to change the timeout value ?

  10. Hello.

    Is there anyway to run this against multiple WSUS servers from the one script?

  11. Athi says:

    Hi Hugo,

    Thanks for script.. I hv saved the script as bat and run it.. But how do I check whether the script is cleaning..

    Thanks

  12. Dave says:

    Hi Hugo,

    Your script looks great, unfortunately I get an error I’m not sure of…

    PS C:\Scripts> C:\Scripts\cleanup-wsus.ps1
    Exception calling “GetUpdateServer” with “3” argument(s): “The request failed with HTTP status 404: Not Found.”
    At C:\Scripts\cleanup-wsus.ps1:30 char:78
    + $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer <<<< ($updateServer,$useSecureConnection,$portNumber)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

    You cannot call a method on a null-valued expression.
    At C:\Scripts\cleanup-wsus.ps1:33 char:42
    + $CleanupManager = $Wsus.GetCleanupManager <<<< ()
    + CategoryInfo : InvalidOperation: (GetCleanupManager:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At C:\Scripts\cleanup-wsus.ps1:35 char:31
    + $CleanupManager.PerformCleanup <<<< ($CleanupScope)
    + CategoryInfo : InvalidOperation: (PerformCleanup:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    Any idea what I've done wrong??

  13. Capricorn says:

    Check your port number. May be Wsus server is listening on 8530 not 80.

  14. Capricorn says:

    My one is on 8530 and after changing the port no the script is working fine.

    Thanks Hugo.

  15. Umapathi says:

    We have configured wsus server listening port to 80 (default), but still its not working.

    Exception calling “GetUpdateServer” with “3” argument(s): “The underlying connection was closed: An unexpected error oc
    curred on a receive.”
    At C:\WsusAgent 7.6\Cleanup-wsus.ps1:30 char:78
    + $Wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer <<<< ($updateServer,$useSecureConnectio
    n,$portNumber)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

    You cannot call a method on a null-valued expression.
    At C:\WsusAgent 7.6\Cleanup-wsus.ps1:33 char:42
    + $CleanupManager = $Wsus.GetCleanupManager <<<< ()
    + CategoryInfo : InvalidOperation: (GetCleanupManager:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

    You cannot call a method on a null-valued expression.
    At C:\WsusAgent 7.6\Cleanup-wsus.ps1:35 char:31
    + $CleanupManager.PerformCleanup <<<< ($CleanupScope)
    + CategoryInfo : InvalidOperation: (PerformCleanup:String) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

  16. Jo Lambrecht says:

    Hello,
    Thanks for the nice script wich i’ve been looking and searching for. Altough I get an “error” on the last line $CleanupManager.PerformCleanup($CleanupScope)

    When i execute this line i get the following message :
    Exception calling “PerformCleanup” with “1” argument(s): “Timeout expired. The timeout period elapsed prior to completion of the operation or the server is not responding.
    The statement has been terminated.”
    At line:1 char:31
    + $CleanupManager.PerformCleanup <<<< ($CleanupScope)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

    I suggest that the cleanup is not executed then ? How can i avoid the timeout ?
    Any help would be appriciated.

    Regards,
    Jo

Leave a Reply