I am trying to get into powershell and have been doing some reading and watching tutorials on it.
One thing I am having difficulty with is understanding when to use what type of filtering.
For example, the 3 following commands all return the same data:
Get-Process -Name explorer
Get-Process | Where-Object -Property Name -EQ “explorer”
Get-Process | Where-Object {$_.Name -EQ “explorer”}
Why and when should one be used over the other?
Is there rule as to which one should be used over the other?
This is applying a filter when processes are retrieved, so you are getting only the process(es) that meet the search criteria:
Get-Process -Name Explorer
This is returning ALL processes and then you are piping it to another command to filter the process(es) that meet the search criteria. The example is using standard or what I would consider a more strongly-typed code. This example will work in Powershell 1.0 going forward.
This example is using more of a short-hand approach where administrators didn’t want to include the {} and wanted a simple way to where. It was introduced in Powershell 3.0, so if you wrote a script and tried this on 2.0 it would error. If I was going to release a tool or code for others to use, I always use strongly-typed code to ensure it works the same.
Get-Process | Where-Object -Property Name -eq "explorer"
The biggest difference between the first and second examples, as others have posted is performance. If you have 150 processes and only want one, why would you return all of them and then try to get only those versus just getting the 3 you need. Processes is one thing, but this comes into play very quickly in systems like AD. If you have 30k users and do:
Get-ADUser -Filter * | Where {$_.SamAccountName -eq 'rob'}
Your returning EVERY user in AD and then getting one user, which isn’t efficient, so you should filter left to only return what you are looking for:
This is getting a little off topic, but does anyone know why the system user on a domain-joined machine will return EVERY DOMAIN USER with this command (Windows 10):
get-wmiobject win32_useraccount
Much faster this way, but I don’t think of the system user is being a member of a domain: