{"id":7193,"date":"2020-01-24T11:32:53","date_gmt":"2020-01-24T16:32:53","guid":{"rendered":"https:\/\/jdhitsolutions.com\/blog\/?p=7193"},"modified":"2021-04-21T08:39:09","modified_gmt":"2021-04-21T12:39:09","slug":"better-event-logs-with-powershell","status":"publish","type":"post","link":"https:\/\/jdhitsolutions.com\/blog\/powershell\/7193\/better-event-logs-with-powershell\/","title":{"rendered":"Better Event Logs with PowerShell"},"content":{"rendered":"\n<p>Because I don't work in a corporate environment, I don't always see opportunities where PowerShell can make your life better as an IT professional. I have a friend -- let's call her <a href=\"https:\/\/bewitched.fandom.com\/wiki\/Gladys_Kravitz\" target=\"_blank\" rel=\"noopener noreferrer\">Gladys Kravitz<\/a>. Gladys and I were chatting and she mentioned how tricky it is to pull information out of Windows event logs. If I recall, she was looking at 4625 events in the Security log, which represent failed logon attempts. Here's an example:<\/p>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image-4.png\"><img decoding=\"async\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image_thumb-4.png\" alt=\"A failed logon attempt\" title=\"A failed logon attempt\"\/><\/a><\/figure>\n\n\n\n<p>Reading the message, it is clear that user Aprils in the Company domain tried to log on to Win10. But how would you get that information from event logs on hundreds of machines? You could resort to some regular expression voodoo to extract the information from the message text. But the values are actually part of the event log record itself. You may have seen ReplacementStrings when using <a title=\"Read online help for this command\" href=\"http:\/\/go.microsoft.com\/fwlink\/?LinkID=113314\" target=\"_blank\" rel=\"noopener noreferrer\">Get-Eventlog<\/a>.
When using Get-WinEvent, these values are stored in the Properties collection.<\/p>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image-5.png\"><img decoding=\"async\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image_thumb-5.png\" alt=\"Event entry properties\" title=\"Event entry properties\"\/><\/a><\/figure>\n\n\n\n<p>Assuming these values were consistent, you could write a function to create a custom object from them. But I'm always thinking of the bigger picture. What Gladys really wanted is a way to turn the event log record into a structured object she could use in PowerShell. This issue with replacement strings goes beyond this particular situation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">XML to the Rescue<\/h2>\n\n\n\n<p>You probably don't think of XML as a solution, but in this case, XML saves the day. The event log record object you get from Get-WinEvent includes a method to create an XML version.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"powershell\" class=\"language-powershell\"># Get the most recent failed logon (4625) event from the Security log on Win10\n$r = Get-WinEvent -FilterHashtable @{Logname=\"Security\";ID=4625} -MaxEvents 1 -ComputerName Win10\n# Convert the record to an XML document\n[xml]$evt = $r.ToXml()<\/code><\/pre>\n\n\n\n<p>This document has properties that expose the data used to construct the event log record.<\/p>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image-6.png\"><img decoding=\"async\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image_thumb-6.png\" alt=\"Parsing the XML document\" title=\"Parsing the XML document\"\/><\/a><\/figure>\n\n\n\n<p>The Data node looks promising.<\/p>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image-7.png\"><img decoding=\"async\" 
src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image_thumb-7.png\" alt=\"Event entry data\" title=\"Event entry data\"\/><\/a><\/figure>\n\n\n\n<p>That almost looks like an object! I'll make one.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"powershell\" class=\"language-powershell\"># Each Data node carries a Name attribute and the value as its inner text\n$evt.Event.EventData.Data | ForEach-Object -Begin {$h = @{}} -Process {\n    $h.Add($_.Name, $_.'#text')\n} -End { $obj = New-Object -TypeName PSObject -Property $h }<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image-8.png\"><img decoding=\"async\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image_thumb-8.png\" alt=\"A structured object from event log data\" title=\"A structured object from event log data\"\/><\/a><\/figure>\n\n\n\n<p>I can build a tool around this to convert event log records into more meaningful objects. And that's exactly what I did for Gladys.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Convert-EventLogRecord<\/h2>\n\n\n\n<p>I wrote a function called <a title=\"check out the source code on GitHub\" href=\"https:\/\/github.com\/jdhitsolutions\/PSScriptTools\/blob\/master\/functions\/Convert-EventLogRecord.ps1\" target=\"_blank\" rel=\"noopener noreferrer\">Convert-EventLogRecord<\/a> that is part of the latest release of my <a title=\"You can also install from the PowerShell Gallery\" href=\"https:\/\/github.com\/jdhitsolutions\/PSScriptTools\" target=\"_blank\" rel=\"noopener noreferrer\">PSScriptTools<\/a> module. The function is designed to convert event log entries into custom objects.
The function creates a custom object with the data properties I showed, plus other information such as the event ID, log name, and computer name.<\/p>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image-9.png\"><img decoding=\"async\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image_thumb-9.png\" alt=\"A converted event\" title=\"A converted event\"\/><\/a><\/figure>\n\n\n\n<p>Now Gladys has a PowerShell tool to get the information she wants in the form she wants.<\/p>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image-10.png\"><img decoding=\"async\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image_thumb-10.png\" alt=\"An event log report\" title=\"An event log report\"\/><\/a><\/figure>\n\n\n\n<p>This isn't a perfect tool. Some event log entries don't have extra data, or the data they have is just a list of strings.
In those cases, the data is stored as RawProperties.<\/p>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image-11.png\"><img decoding=\"async\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image_thumb-11.png\" alt=\"Raw event data properties\" title=\"Raw event data properties\"\/><\/a><\/figure>\n\n\n\n<p>But once I know that, I can write a control script or other tooling around it.<\/p>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image-12.png\"><img decoding=\"async\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image_thumb-12.png\" alt=\"Tooling with Convert-EventLogRecord\" title=\"Tooling with Convert-EventLogRecord\"\/><\/a><\/figure>\n\n\n\n<p>As you explore different events in different logs, you figure out what the data looks like. Sometimes the event log data isn't helpful. But with a little PowerShell effort on your part, you can create meaningful results.
You should be able to run this code on your desktop.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"powershell\" class=\"language-powershell\"># Requires the PSScriptTools module for Convert-EventLogRecord\nGet-WinEvent -FilterHashtable @{Logname ='system';ID =7040} -MaxEvents 50 |\nConvert-EventLogRecord |\nSort-Object -Property Param4,TimeCreated -Descending |\nFormat-Table -GroupBy @{Name=\"Service\";Expression={$_.param4}} -Property TimeCreated,\n@{Name=\"OriginalState\";Expression = {$_.param2}},\n@{Name=\"NewState\";Expression={$_.param3}},Computername<\/code><\/pre>\n\n\n\n<p>The results show you when services changed state.<\/p>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><a href=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image-13.png\"><img decoding=\"async\" src=\"https:\/\/jdhitsolutions.com\/blog\/wp-content\/uploads\/2020\/01\/image_thumb-13.png\" alt=\"Changed service state event logs\" title=\"Changed service state event logs\"\/><\/a><\/figure>\n\n\n\n<p>I've been showing results as formatted tables. But you can do whatever you want, because the Convert-EventLogRecord function writes an object to the pipeline. Run whatever Get-WinEvent query or command you want, convert the results, and then do what you need to with them.<\/p>\n\n\n\n<p>I gave the code to Gladys to try out, but now you can get it as well in the PSScriptTools module, beginning with version 2.13. I hope you'll give it a try and let me know what you think.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Because I don&#8217;t work in a corporate environment, I don&#8217;t always see opportunities where PowerShell can make your life better as an IT professional. I have a friend &#8212; let&#8217;s call her Gladys Kravitz. Gladys and I were chatting and she mentioned how tricky it is to pull information out of Windows event logs.
If&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"New on the blog: Better Event Logs with #PowerShell","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[4],"tags":[226,263,534,540],"class_list":["post-7193","post","type-post","status-publish","format-standard","hentry","category-powershell","tag-eventlog","tag-get-winevent","tag-powershell","tag-scripting"],"yoast_head_json":{"title":"Better Event Logs with PowerShell &#8226; The Lonely Administrator","description":"Event logs are nice, but they could be better. See how I take loosely organized event log entries and turn them into meaningful PowerShell objects.","canonical":"https:\/\/jdhitsolutions.com\/blog\/powershell\/7193\/better-event-logs-with-powershell\/","og_site_name":"The Lonely Administrator","article_published_time":"2020-01-24T16:32:53+00:00","article_modified_time":"2021-04-21T12:39:09+00:00","author":"Jeffery Hicks","twitter_creator":"@JeffHicks","twitter_misc":{"Written by":"Jeffery Hicks","Est. reading time":"5 minutes"}}}