Advanced Compare-Object: Working with Results

by Feb 26, 2009

By using the -passThru parameter, you can tell Compare-Object to return the actual objects you compared. Let's say you are looking for new processes started after a given point in time. You could easily create a baseline snapshot:

$base = Get-Process

Then, to find out which processes have been started since then, create another snapshot:

notepad
$new = Get-Process

To get the newly started processes, use -passthru and filter for SideIndicator equals "=>" to limit the output to only newly started processes (otherwise you would also get processes that no longer run):

Compare-Object $base $new -passThru | 
Where-Object { $_.SideIndicator -eq '=>' }

Because you used -passThru, you get back the actual process objects with all of their rich information.