SCCM – Using PowerShell to effectively set maintenance windows for Patch Tuesday

In this post, I will show you an example of how you can use PowerShell to automatically set your maintenance windows for Patch Tuesday and overcome the limitations of the recurrence schedule; in other words, make them work every month. This script is based on the one from Octavian Cordos, which you can also find on TechNet: Original Script

Ok, so now let’s have a look at the script. First, it looks for all collections whose name matches the following pattern: *SU_Server_Monthly_Autoreboot_Day_*. It then takes the last character of the name and sets the Maintenance Window that number of days after Patch Tuesday (e.g. SCCM-SU_Server_Monthly_AutoReboot_Day_6 will have a MW set 6 days after). If needed, you can change this pattern to match your needs. Here is an example of what I have in place:


By default, the script creates a maintenance window from 1:00 AM to 5:00 AM with no recurrence, and it also cleans up previous Maintenance Windows. Note that you can change the time of the MW in the script by modifying those 2 variables to match your needs:



So here’s a quick recap:

  1. The script will scan your collections based on their name
  2. All previous Maintenance Windows that apply to the collections matching this pattern will be deleted
  3. A Maintenance Window (which applies to Software Updates deployments) will be created for all your collections that match the pattern, X number of days after Patch Tuesday, based on the last character in the name of the collection.

Download the script: here
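
The date logic behind steps 1 and 3 of the recap, as an added example that is not the script from this post or Octavian Cordos's original: it finds Patch Tuesday (the second Tuesday of the month) and derives each collection's 1:00 AM to 5:00 AM window from the trailing digit of its name. The function names and sample collection names are constructed for illustration, and no ConfigMgr cmdlets are called.

```powershell
# Added example: date arithmetic only; no ConfigMgr cmdlets are called.

function Get-PatchTuesday {
    # Returns the second Tuesday of the given month at 00:00.
    param([int]$Year, [int]$Month)
    $first = [datetime]::new($Year, $Month, 1)
    # Days from the 1st to the first Tuesday (0..6), then one more week.
    $toTuesday = ([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek + 7) % 7
    $first.AddDays($toTuesday + 7)
}

function Get-MaintenanceWindowPlan {
    # Hypothetical helper: one start/end pair per matching collection name.
    param(
        [string[]]$CollectionName,
        [datetime]$PatchTuesday,
        [int]$StartHour = 1,   # 1:00 AM default from the post
        [int]$EndHour   = 5    # 5:00 AM default from the post
    )
    foreach ($name in $CollectionName) {
        # Only a trailing single digit counts as the offset; anything else is
        # skipped instead of being cast blindly to a number.
        if ($name -match 'SU_Server_Monthly_AutoReboot_Day_([0-9])$') {
            $offset = [int]$Matches[1]
            $day = $PatchTuesday.Date.AddDays($offset)
            [pscustomobject]@{
                Collection  = $name
                OffsetDays  = $offset
                WindowStart = $day.AddHours($StartHour)
                WindowEnd   = $day.AddHours($EndHour)
            }
        }
        else {
            Write-Warning "Skipping '$name': no trailing day offset"
        }
    }
}

# Constructed sample collection names
$collections = @(
    'SCCM-SU_Server_Monthly_AutoReboot_Day_1',
    'SCCM-SU_Server_Monthly_AutoReboot_Day_6',
    'SCCM-SU_Server_Monthly_AutoReboot_Day_X'   # skipped with a warning
)
$now = Get-Date
$patchTuesday = Get-PatchTuesday -Year $now.Year -Month $now.Month
Get-MaintenanceWindowPlan -CollectionName $collections -PatchTuesday $patchTuesday |
    Format-Table -AutoSize
```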

PowerShell – Report Inactive AD Users

Recently I’ve started playing a bit with PowerShell, and here’s a script that I created to audit inactive user accounts in Active Directory. In short, the script searches for inactive users in a specific OU as well as all its child OUs.

Then, if there are inactive users, it sends an email to each OU’s manager containing the following information, and archives all the HTML files into a folder.

Inactive User Report

Note that in my case, all users’ OUs are within the same OU, such as:


So here’s the script:


#Import AD module if required
if (-not (Get-Module -Name ActiveDirectory)) { Import-Module ActiveDirectory }

#Define variables (placeholders: replace every ENTER_... value for your environment)
$lastDays = New-TimeSpan -Days ENTER_NUMBER_OF_DAYS   #Inactivity threshold
$smtp = "ENTER_SMTP_SERVER"
$from = "ENTER_SENDER_ADDRESS"

#Report archive folder
$folderPath = "ENTER_ARCHIVE_FOLDER_PATH"

#Get child OUs (Subtree = the root OU and every OU below it)
$searchOU = Get-ADOrganizationalUnit -SearchBase "ENTER_ROOT_OU_DISTINGUISHEDNAME" -Filter * -SearchScope Subtree

foreach ($OU in $searchOU) {

    $OUName = $OU.Name

    #Define HTML format (the closing "@ must start at column 0)
    $head = @"
<style>
body { background-color:#FAFAFA;font-family:Arial;font-size:12pt; }
td, th { border:1px solid black;border-collapse:collapse; }
th { color:white;background-color:black; }
table, tr, td, th { padding: 2px; margin: 0px }
tr:nth-child(odd) {background-color: lightgray}
table { margin-left:50px; }
</style>
<H2>This report list inactive users in $OUName OU<BR></H2>
"@

    #Inactive users directly in this OU (OneLevel: child OUs get their own report)
    $users = Search-ADAccount -SearchBase $OU.DistinguishedName -AccountInactive -TimeSpan $lastDays -UsersOnly -SearchScope OneLevel `
    | Get-ADUser -Properties DisplayName, Description, LastLogonDate, WhenCreated `
    | Sort-Object DisplayName `
    | Select-Object @{n='User Name';e={$_.DisplayName}},@{n='UserID';e={$_.samAccountName}} `
    ,Description,@{n='Last Logon Date';e={$_.lastLogonDate}},@{n='Created On';e={$_.WhenCreated}} `
    ,@{n='Enabled';e={$_.Enabled}}

    if ($null -ne $users) {

        #Build the report and archive it as <OU name>_<ddmmyyyy>.htm
        $fragments = $users | ConvertTo-Html -Fragment
        $filePath = Join-Path $folderPath ($OUName + (Get-Date -UFormat "_%d%m%Y.htm"))

        ConvertTo-Html -Head $head -Body $fragments -PostContent "<br><br><i>report generated: $(Get-Date)</i>" `
        | Out-File -FilePath $filePath -Encoding ascii

        #Look up the OU manager's mail address (empty if ManagedBy or mail is not set)
        $to = $null
        if ($OU.ManagedBy) {
            $to = (Get-ADObject -Identity $OU.ManagedBy -Properties mail).mail
        }
        $subject = "Report - Inactive user"
        $body = Get-Content $filePath | Out-String

        if ($to) {
            Send-MailMessage -SmtpServer $smtp -To $to -From $from -Subject $subject -Body $body -BodyAsHtml
        }
        else {
            Write-Warning "No manager mail address for OU '$OUName'; report saved to $filePath"
        }

        $fragments = $null
        $users = $null
    }
}

Remove-Variable * -Force -ErrorAction SilentlyContinue