The Where-Object cmdlet chooses items from the collection of objects that are supplied to it that have specific property values. The Where-Object cmdlet allows you to choose files that were made after a specific date, events with a specific ID, or computers running a specific version of Windows.
How Windows PowerShell 3.0 Where-Object Works?
The Where-Object cmdlet in Windows PowerShell 3.0 is used to filter a collection of objects based on a particular property. It works by iterating through each object in the collection and evaluating a script block against it. If the script block returns $true for a given object, that object is included in the output. If the script block returns $false, the object is excluded.
Here’s a breakdown of the basic syntax for using Where-Object:
In this syntax, is the collection of objects you want to filter, and is a script block that defines the condition you want to filter on. The { } braces indicate the script block.
For example, suppose you have a collection of numbers:
You can use Where-Object to filter out only the even numbers:
In this example, the powershell script block { $_ % 2 -eq 0 } evaluates the modulus of each number in the collection against 2. If the result is equal to 0, the number is even and the script block returns $true. If the result is not equal to 0, the number is odd and the script block returns $false. Only the even numbers are included in the output.
You can also use Where-Object with more complex conditions that involve multiple properties or methods of the objects in the collection. For example, you might use Where-Object to filter a collection of files based on their file extension:
In this example, Get-ChildItem is used to retrieve a collection of files in the C:\Temp directory. The Where-Object cmdlet is then used to filter out only the files with a .csv file extension. The $_ variable represents each file object in the collection, and we use the Extension property to access the file extension.
Overall, the Where-Object cmdlet is a powerful tool for filtering and selecting objects in PowerShell based on a wide range of conditions.
How to Use PowerShell Where-Object Command
Creating Filter Conditions with Scriptblocks
PowerShell’s scriptblocks are an essential element. The language contains countless instances where scriptblocks are used.
A PowerShell scriptblock is a function that is anonymous. It is a technique for dividing up code and running it in different locations. A scriptblock can be used to create a Where-Object filter.
You would use the FilterScript argument to employ a scriptblock as a filter. This parameter enables you to write a scriptblock, which can then be passed to the FilterScript argument and performed. It is assumed that the scriptblock is True if it returns a result other than a boolean False or a null variable. Otherwise, it is regarded as False.
Let’s take the scenario where you need to locate all of the Windows services that are now turned off. With Get-Service, you would first collect all of the present services. Then, Get-Service provides numerous service objects, each with a different set of properties.
The Where-Object cmdlet may then be used with the FilterScript parameter after you piped those items through the PowerShell pipeline. You might make a condition to verify whether or not the StartType property of each object equals Disabled because the FilterScript argument takes a scriptblock.
{$_.StartType -EQ 'Disabled'}
You would then supply that scriptblock to the FilterScript parameter once you have the filtering scriptblock. After that, Where-Object would run the scriptblock for each object entering the pipeline and assess each property.
Get-Service | Where-Object -FilterScript {$_.StartType -EQ 'Disabled'}
Using Comparison operator In Statements
Comparison statements, which were introduced in Windows Powershell 3.0, have a more logical construction. Let’s locate every Windows service that is disabled using the comparison statement construct.
The command specifies the object property as a parameter value to the Property parameter rather than utilising a scriptblock. Now that the eq operator is also a parameter, you can give it the value of Disabled.
Get-Service | Where-Object -Property StartType -EQ 'Disabled'
Now, using parameters in this way completely does away with the necessity for a scriptblock.
When defining filtering conditions that are more complicated, a scriptblock is a better option. It’s possible that the Property parameter isn’t always the best option. Just keep in mind to use comments to explain your code if you’re using a scriptblock.
Filtering Basics
Powershell Comparison operators as parameters
Working with collections makes use of containment operators. You can specify a condition for whether or not a collection contains an item using containment operators.
There are several different operators in PowerShell, including:
- Filter a collection by using the -contains or -ccontains operators.
- Filter a collection that doesn’t contain a property value using the -notcontains or -cnotcontains options.
- If a match is discovered, the -in/-cin command returns the value of the property.
- Value is not in a collection; notin/cnotin; null/$false if there is no property value.
Here’s an example of using the -Contain parameter with Where-Object in PowerShell:ong>
In this example, we’re creating an array of numbers $numbers containing the values 1 through 5. We then use Where-Object to filter the array based on whether it contains the number 2, using the -contains operator and the $_ automatic variable to refer to the current item in the pipeline.
The result is that $evenNumbers will contain the value 2, since that’s the only even number in the original array.
You can modify the condition to match your specific use case. For example, if you have an array of strings and you want to filter based on whether a specific string is contained in each item, you can replace $_ -contains 2 with the string you want to check for.
Matching Operators
PowerShell Matching operators are an additional option. Strings inside of strings can be matched using matching operators. Strings in strings are matched using matching operators.
Where-Object in PowerShell supports a number of distinct matching operators.
- A wildcard pattern is matched by the -like / -clike string.
- -match and -cmatch are used to match strings to regex patterns.
- string does not match wildcard pattern; -notlike / -cnotlike.
- string does not fit the regex pattern, -notmatch or -cnotmatch
The following list of matching operators is available. Finding all services with Windows in the DisplayName property value is done in the example below.
Get-Service | Where-Object { $_.DisplayName -match 'Windows'}
The like operator can also be used to perform typical matching operations, such as employing a wildcard (*) to match any character or a “?” to match a single character.
Get-Service | Where-Object {($_.Name -like 'Win*')}
You don’t need to know the service’s complete name if you use the wildcard. It only takes a few letters of the string. To further improve filtering, these operators can be paired with logical operators.
Equality Operators
You can combine two criteria in a Powershell scriptblock by using the and operator, which will evaluate both of them. Where-Object returns the process object that was sent through the pipeline if they both return True. Where-Object removes the object if at least one of the tests yields a False result.
Get-Process | Where-Object {($_.CPU -gt 2.0) -and ($_.CPU -lt 10)}
Here is what you might anticipate seeing:
You can create system reports or use filtering using Where-Object equality operators to compare values.
