WSUS Superseded icons

How to identify and decline superseded updates in WSUS

Although you can use the Server Cleanup Wizard, from time to time you may want to manually clean up all superseded updates to keep your WSUS infrastructure tidy.

Open the Windows Update Services MMC, then select the All Updates view.

Set the display to show an Approval status of ‘Any except Declined’ with a Status of ‘Any’, then click Refresh.

Right-click the title bar and enable the ‘Supersedence’ column to make it visible.


Select and Decline the Superseded Updates

The updates to be declined are marked with one of two particular flowchart symbols, pictured in the attached image. Select the correct updates and decline them, either by right-clicking the selected updates and clicking Decline or by pressing the Decline button in the action pane.

Now there are 4 options:

  • No icon: the update neither supersedes another update nor is superseded by one.
  • Blue square on top: this update supersedes another update. These are the updates you do not want to clean!
  • Blue square in the middle: this update has been superseded by another update and also supersedes another update. This is an example of an update you may want to clean (decline).
  • Blue square in the bottom right corner: this update has been superseded by another update. This is an example of an update you may want to clean (decline).

Run the Server Cleanup Wizard

Make sure you have all options selected in the wizard and let it run. It will delete the files from the declined updates.

OPTIONAL: Automatic Approval Options

In the automatic approval options, under the Advanced tab, there is an option to automatically approve update revisions for previously approved updates and subsequently decline the now expired updates. I suggest you select them.

Note: Always verify that all superseding updates are approved before doing this operation!
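The check in the note above can be scripted. The following is an added example, not part of the original post: it is meant to run on the WSUS server itself (Server 2012 or later, UpdateServices module installed) and lists every superseded update along with whether it is safe to decline. It assumes "safe" means that every superseding update that has not itself been declined is approved, and that at least one such update exists. The $Decline switch variable is hypothetical; by default the script only reports.

```powershell
# Added example: run in an elevated PowerShell session on the WSUS server.
# Dry run by default; set $Decline = $true to actually decline the safe updates.
$Decline = $false

Import-Module UpdateServices
$wsus = Get-WsusServer   # connects to the local WSUS instance
$rel  = [Microsoft.UpdateServices.Administration.UpdateRelationship]::UpdatesThatSupersedeThisUpdate

# Superseded updates that are not declined yet (the two icons described above).
$candidates = $wsus.GetUpdates() |
    Where-Object { $_.IsSuperseded -and -not $_.IsDeclined }

$report = foreach ($update in $candidates) {
    $superseding = @($update.GetRelatedUpdates($rel))

    # Ignore superseding updates that were already declined themselves
    # (older links in a supersedence chain); the rest must all be approved.
    $live       = @($superseding | Where-Object { -not $_.IsDeclined })
    $unapproved = @($live | Where-Object { -not $_.IsApproved })
    $safe       = ($live.Count -gt 0) -and ($unapproved.Count -eq 0)

    if ($safe -and $Decline) { $update.Decline() }

    [pscustomobject]@{
        Title         = $update.Title
        KB            = ($update.KnowledgebaseArticles -join ',')
        SupersededBy  = ($live.Title -join '; ')
        NotApproved   = ($unapproved.Title -join '; ')
        SafeToDecline = $safe
        Declined      = ($safe -and $Decline)
    }
}

# Updates that are NOT safe to decline sort first so they get reviewed.
$report | Sort-Object SafeToDecline, Title | Format-Table -AutoSize -Wrap
```

Rows with SafeToDecline = False show in NotApproved which superseding updates still need approval before the old update can be declined without leaving clients unpatched.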

Get primary and secondary mail address

Get-Mailbox -ResultSize Unlimited | Select-Object DisplayName,ServerName,PrimarySmtpAddress, @{Name="EmailAddresses";Expression={$_.EmailAddresses | Where-Object {$_.PrefixString -ceq "smtp"} | ForEach-Object {$_.SmtpAddress}}} | Export-Csv E:\mailid.csv -NoTypeInformation



*The primary SMTP address has a PrefixString of “SMTP”; all others have a lower case “smtp”, which is why the filter uses the case-sensitive -ceq operator.

Back up your NTFS security permissions


Here is example syntax that you can use to proactively back up your NTFS permissions:

Subinacl /noverbose /output=c:\ntfs_perms.txt /subdirectories "Path to the Folder whose NTFS permissions we have to Backup"

To back up the permissions of the folder, subfolders and files in a folder called Data on the G: drive:

subinacl /noverbose /output=c:\ntfs_perms.txt /subdirectories G:\data\

If you just wanted to back up the NTFS permissions for the entire drive, the command would look like this:

subinacl /noverbose /output=c:\ntfs_G_drive_perms.txt /subdirectories G:\*.*

Most of you will probably not be concerned with backing up down to the file level, and will be satisfied with just backing up the permissions at the directory level. Backing up the permissions for just the directories can be achieved with the following syntax:

subinacl /noverbose /output=c:\G_driveNTFSperms.txt /subdirectories=directoriesonly G:\*.*


The contents of the file created by subinacl are viewable in your favorite text editor.


To restore the permissions on the drive using the file that you backed them up to:

Subinacl /playfile c:\G_driveNTFSperms.txt



Test it out thoroughly in your lab environment before rolling it out to production.

DFS error ID: 9032 (The connection is shutting down). Event ID: 5002

1. DFS Replication cannot replicate with partner <server> due to a communication error. The DFS Replication service used partner DNS name <server.domain>, IP address x.x.x.x, and WINS address <server> but failed with error ID: 9032 (The connection is shutting down). Event ID: 5002.

The problematic replicated folder is “waiting for initial replication”. This could be due to the primary member not having been set.

Run the following command to find out whether you already have a primary server for that replication group (IsPrimary=Yes):
Dfsradmin Membership List /RGname:<replication group name> /attr:MemName,RFName,IsPrimary

If the result shows that the value of the IsPrimary attribute is “No”, you don’t have a primary server. In this situation, you can set the primary server using the following command:
Dfsradmin Membership Set /RGName:<replication group name> /RFName:<replicated folder name> /MemName:<computer name of the member you want to set> /IsPrimary:True

Example: dfsradmin membership set /RGName:\namespace\source /RFName:source /memname:Server1 /isPrimary:True

2. If space is available, double the staging folder size for the problematic replicated folder.