Compare all properties of two objects in Windows PowerShell

  • Article

I've always said that the Compare-Object cmdlet, which has been around forever in Windows PowerShell, is one of the most flexible and useful cmdlets out there. If you're an IT Professional of any kind, whether you work with Exchange Server or manage file servers, Compare-Object can make you look like a genius. In the past, I've used it for a number of random tasks, from comparing Active Directory group memberships to detecting changed files/folders on a file server.

The Compare-Object cmdlet really shines when you're comparing collections of like objects, and, although it allows you to also compare based on specific object properties, that sometimes leaves a little to be desired. Take for instance, the comparison of two Active Directory user objects. It is fairly common for an administrator to come across scenarios where you need to compare two Active Directory users and find the specific differences. Usually, you're troubleshooting something strange that happens for one user but not the other. Often times it may come down to how particular attributes have been configured on the user object. So, Compare-Object to the rescue, right? Not so fast.

[ps]
$ad1 = Get-ADUser amelia.mitchell -Properties *
$ad2 = Get-ADUser carolyn.quinn -Properties *
Compare-Object $ad1 $ad2
[/ps]

Running this code gives you the following output. Not exactly helpful. Of course, we know that the identity of the reference object and difference object will not be the same.

 
InputObject                     SideIndicator
-----------                        -------------
CN=carolyn.quinn,OU=Users,DC=contosocorp,DC=us     =>           
CN=amelia.mitchell,OU=Users,DC=contosocorp,DC=us    <=

To take the comparison one step further, you can use the -Property parameter. This allows you to compare one or more specific parameters. More helpful than the last example, but it assumes you know where the differences between the objects lie.

[ps]
$ad1 = Get-ADUser amelia.mitchell -Properties *
$ad2 = Get-ADUser carolyn.quinn -Properties *
Compare-Object $ad1 $ad2 -Property title,department
[/ps]

Okay, this is definitely more helpful. We can see by the output below that the user objects have different title and department attributes. However, we had to specify the attributes we wanted to compare. If we wanted to compare all attributes, this would be a very long command or a very manual process to compare each attribute.

 
title             department SideIndicator
-----             ---------- -------------
Finance Associate Finance    =>           
Accountant II     Accounting <=

So, with a little extra logic, we can do this pretty easily. First, we define the Compare-ObjectProperties function. That function will take any two source objects and get a unique list of all of the property names of both objects we're comparing. This is necessary because objects aren't always going to have the same set of attributes. When that is the case, we want to see where one has a null value and the other is populated. With the list of unique property names, our function can iteratively process them through Compare-Object and only return the properties that are different.

[ps]
Function Compare-ObjectProperties {
Param(
[PSObject]$ReferenceObject,
[PSObject]$DifferenceObject
)
$objprops = $ReferenceObject | Get-Member -MemberType Property,NoteProperty | % Name
$objprops += $DifferenceObject | Get-Member -MemberType Property,NoteProperty | % Name
$objprops = $objprops | Sort | Select -Unique
$diffs = @()
foreach ($objprop in $objprops) {
$diff = Compare-Object $ReferenceObject $DifferenceObject -Property $objprop
if ($diff) {
$diffprops = @{
PropertyName=$objprop
RefValue=($diff | ? {$_.SideIndicator -eq '<='} | % $($objprop))
DiffValue=($diff | ? {$_.SideIndicator -eq '=>'} | % $($objprop))
}
$diffs += New-Object PSObject -Property $diffprops
}
}
if ($diffs) {return ($diffs | Select PropertyName,RefValue,DiffValue)}
}

$ad1 = Get-ADUser amelia.mitchell -Properties *
$ad2 = Get-ADUser carolyn.quinn -Properties *
Compare-ObjectProperties $ad1 $ad2
[/ps]

Running the above code produces the following output. This is definitely what we're looking for.

 
PropertyName          RefValue                        DiffValue
------------           --------                        ---------
CanonicalName          contosocorp.us/Users/amelia.mitchell            contosocorp.us/Users/carolyn.quinn
CN                amelia.mitchell                     carolyn.quinn
Created                2/16/2017 9:31:12 AM                    2/16/2017 9:31:15 AM
createTimeStamp         2/16/2017 9:31:12 AM                    2/16/2017 9:31:15 AM
Department          Accounting                      Finance
DisplayName          Amelia Mitchell                     Carolyn Quinn
DistinguishedName      CN=amelia.mitchell,OU=Users,DC=contosocorp,DC=us    CN=carolyn.quinn,OU=Users,DC=contosocorp,DC=us
dSCorePropagationData     {2/16/2017 9:53:26 AM, 2/16/2017 9:31:12 AM,...     {2/16/2017 9:53:25 AM, 2/16/2017 9:31:15 AM, 12/31/1600 6:00:0...
employeeType           FullTime                        Contractor
GivenName         Amelia                          Carolyn
Manager              CN=christopher.walsh,OU=Users,DC=contosocorp,DC=us
MemberOf          {CN=Group8842,OU=Groups,DC=contosocorp,DC=us...     {CN=Group8896,OU=Groups,DC=contosocorp,DC=us...
Modified         4/24/2017 7:51:46 AM                    4/24/2017 7:51:56 AM
modifyTimeStamp         4/24/2017 7:51:46 AM                    4/24/2017 7:51:56 AM
Name                amelia.mitchell                     carolyn.quinn
ObjectGUID         e3436c96-ac59-4b0a-a2cd-cea586676089            27abcbb9-57f8-4e4d-8f87-a5ee0e3d6ddd
objectSid           S-1-5-21-827217070-865584383-1086049070-1208        S-1-5-21-827217070-865584383-1086049070-1249
Office              LON                         NYC
PasswordLastSet          2/16/2017 9:31:12 AM                    2/16/2017 9:31:15 AM
physicalDeliveryOfficeName  LON                         NYC
pwdLastSet           131317326721610425                  131317326757222285
SamAccountName            amelia.mitchell                     carolyn.quinn
SID                S-1-5-21-827217070-865584383-1086049070-1208        S-1-5-21-827217070-865584383-1086049070-1249
sn              Mitchell                        Quinn
Surname                Mitchell                        Quinn
Title              Accountant II                       Finance Associate
UserPrincipalName      amelia.mitchell@contosocorp.us              carolyn.quinn@contosocorp.us
uSNChanged          372797                          372798
uSNCreated            17224                           17511
whenChanged            4/24/2017 7:51:46 AM                    4/24/2017 7:51:56 AM
whenCreated         2/16/2017 9:31:12 AM                    2/16/2017 9:31:15 AM

One of the best things about this function is that you're not limited to comparing Active Directory user objects. You can use any two objects you want, and they don't even have to be the same type of object! Try for yourself using the example below, which compares a file object to a service. Granted, there probably aren't many use cases for such a scenario, but you never know. The capability is there nonetheless.

[ps]
$file = Get-Item -Path C:\Windows\System32\notepad.exe
$service = Get-Service -Name WinRM
Compare-ObjectProperties $file $service
[/ps]

Happy PowerShell'ing. See you next time.