# This is an example script only. import-module activedirectory [string]$KBNumber = "KB3011780" $DomainControllers = Get-ADDomainController -filter * [int]$DomainControllersCount = $DomainControllers.Count [int]$PatchedDCCount = 0 [int]$UnPatchedDCCount = 0 $UnpatchedDCs = @() Write-Output "Scanning $DomainControllersCount Domain Controllers for patch $KBNumber" ForEach ($DomainController in $DomainControllers) { $DomainControllerHostName = $DomainController.HostName $PatchStatus = Get-HotFix -ID $KBNumber -ComputerName $DomainController.HostName -ErrorAction SilentlyContinue IF ($PatchStatus.InstalledOn) { $PatchStatusInstalledOn = $PatchStatus.InstalledOn Write-Output "$DomainControllerHostName patched on $PatchStatusInstalledOn" $PatchedDCCount++ } Else { Write-Warning "$DomainControllerHostName is NOT patched for $KBNumber (or could not be contacted)" [array]$UnpatchedDCs += $DomainController.HostName $UnPatchedDCCount++ } } Write-Output "Out of $DomainControllersCount DCs, Patched: $PatchedDCCount & UnPatched: $UnPatchedDCCount " IF ($UnpatchedDCs) { Write-Output "The following DCs are NOT patched for $KBNumber" $UnpatchedDCs }