Cmdlets usually return a large collection of objects, but often you only need a few of them. In these cases, you can pipe the cmdlet’s output to the Where-Object cmdlet (alias Where or ?) that serves as a filter.

If you use PowerShell to read system information such as a list of files from a folder, the currently running processes, or user objects from Active Directory, you typically receive an array with numerous elements. To display all returned objects with only a few of the properties, you can pipe the result to Select-Object.

Where with conditions

However, if you want to restrict the output to objects that meet certain criteria, Where-Object is the right cmdlet for the task. The cmdlet expects a condition as input that you can formulate with comparison operators.

The following example displays all files in the current directory tree that have been created or modified in 2015:

gci -r | Where {$_.LastWriteTime -gt "01/01/2015"}

Get-ChildItem (alias gci) returns a list of file objects that we pipe to Where-Object. The automatic variable $_ is a placeholder for each object that is passed to Where-Object through the pipeline. The cmdlet tests the variable’s LastWriteTime property to see whether its value is greater than 01/01/2015. This ensures that only files that have been modified after this date will appear in the output.

Complex conditions

The script block in curly braces can also contain complex expressions with multiple conditions:

gci -r | Where {$_.LastWriteTime -gt "01/01/2015" -and $_.length -lt 1GB}

In this example, we additionally test if a file is smaller than 1GB.

The previous examples use the notation in which the condition is formulated in a script block where $_ refers to the current object.

Simplified syntax

As of PowerShell 3.0, you can use a simpler syntax:

gci -r | Where LastWriteTime -gt "01/01/2015"

This command produces the same output as the previous example. The curly braces and the variable for the current pipeline object are omitted; the name of the property is enough.

The simplified syntax of Where-Object


However, this syntax is only allowed for simple conditions. If you combine conditions with logical operators such as -and, PowerShell will produce an error message. The second example that tests the date and the file size can therefore not be expressed with the simplified syntax.

Where-Object is not the only (and is often not the best) method to filter data. The cmdlet requires that you download the objects to the local computer so you can pass them through the pipe to the filter. It is better if you can filter the data with cmdlets at the source.

This applies to cmdlets that can query Active Directory or remote systems through WMI. For instance, Get-ADUser only returns those objects that meet the criteria specified with the -Filter parameter. It would be inefficient to first retrieve all user objects and then use Where-Object on the local computer to compare their properties with certain conditions.
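The following added example (not part of the original article) shows the difference on the local machine, using WMI to list auto-start services that are not running, once with the filter applied at the source and once with Where-Object. It assumes Windows with Get-CimInstance available; the variable names are chosen for illustration.

```powershell
# Added example (not from the original article). Requires Windows with CIM/WMI.
# Goal: list auto-start services that are not running, filtered two ways.

# Condition in WQL, evaluated by the WMI provider before objects are returned.
$wql = "StartMode = 'Auto' AND State <> 'Running'"

# 1) Filter at the source: only matching instances reach PowerShell.
$sw = [System.Diagnostics.Stopwatch]::StartNew()
$atSource = @(Get-CimInstance -ClassName Win32_Service -Filter $wql)
$sw.Stop()
$sourceMs = $sw.ElapsedMilliseconds

# 2) Filter in the pipeline: every service object is retrieved first.
#    Two conditions joined by -and require the script-block form of Where-Object.
$sw.Restart()
$all = @(Get-CimInstance -ClassName Win32_Service)
$inPipeline = @($all | Where-Object {
    $_.StartMode -eq 'Auto' -and $_.State -ne 'Running'
})
$sw.Stop()
$pipelineMs = $sw.ElapsedMilliseconds

# Both methods should select the same services; compare the sorted names.
$namesA = ($atSource   | ForEach-Object Name | Sort-Object) -join ';'
$namesB = ($inPipeline | ForEach-Object Name | Sort-Object) -join ';'

# Summary: how many objects each method had to retrieve to find the matches.
[pscustomobject]@{
    Method       = 'Get-CimInstance -Filter'
    Retrieved    = $atSource.Count
    Matched      = $atSource.Count
    Milliseconds = $sourceMs
}
[pscustomobject]@{
    Method       = 'Where-Object'
    Retrieved    = $all.Count
    Matched      = $inPipeline.Count
    Milliseconds = $pipelineMs
}
"Same result set: $($namesA -eq $namesB)"
```

The Retrieved column shows how many objects each method had to transfer before filtering; against a remote computer or a large directory, that transfer is where the cost of Where-Object accumulates.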



© 4sysops 2006 - 2022

