Skip to main content

Reading and Resolving PowerShell Errors - Part 6

This is part 6 of my series of the most common PowerShell errors that are made in my PowerShell classes.  I will be posting one a day to help you understand why an error occurred and what the error’s meaning is.

Today’s error: Table columns are empty of property values

Here is our starting code:
Get-EventLog -LogName Security -Newest 5 |
    Select-Object -Property Name, InstanceID, Timewritten

And here is the full error:

Name                                                 InstanceId TimeWritten                   
----                                                 ---------- -----------                   
                                                           4634 12/10/2015 10:03:45 AM        
                                                           4624 12/10/2015 10:03:45 AM        
                                                           4672 12/10/2015 10:03:45 AM        
                                                           4634 12/10/2015 10:03:25 AM        
                                                           4624 12/10/2015 10:03:25 AM        


No error message is provided, but we can see that the Name property is empty.

Resolution:
Discover the true name of the property.

Many times in my classes, my students make an assumption about the name of an objects property.  When they do, they produce output with missing data.  Always pipe your objects to Get-Member so you can see the actual property names to use.
Get-EventLog -LogName Security -Newest 5 | GM

    TypeName: System.Diagnostics.EventLogEntry#Security/Microsoft-Windows-Security-Auditing/4672

Name                      MemberType     Definition                                           
----                      ----------     ----------                                           
Disposed                  Event          System.EventHandler Disposed(System.Object, System....
CreateObjRef              Method         System.Runtime.Remoting.ObjRef CreateObjRef(type re...
Dispose                   Method         void Dispose(), void IDisposable.Dispose()           
Equals                    Method         bool Equals(System.Diagnostics.EventLogEntry otherE...
GetHashCode               Method         int GetHashCode()                                    
GetLifetimeService        Method         System.Object GetLifetimeService()                   
GetObjectData             Method         void ISerializable.GetObjectData(System.Runtime.Ser...
GetType                   Method         type GetType()                                       
InitializeLifetimeService Method         System.Object InitializeLifetimeService()            
ToString                  Method         string ToString()                                    
Category                  Property       string Category {get;}                               
CategoryNumber            Property       int16 CategoryNumber {get;}                          
Container                 Property       System.ComponentModel.IContainer Container {get;}    
Data                      Property       byte[] Data {get;}                                    
EntryType                 Property       System.Diagnostics.EventLogEntryType EntryType {get;}
Index                     Property       int Index {get;}                                     
InstanceId                Property       long InstanceId {get;}                               
MachineName               Property       string MachineName {get;}                            
Message                   Property       string Message {get;}                                
ReplacementStrings        Property       string[] ReplacementStrings {get;}                   
Site                      Property       System.ComponentModel.ISite Site {get;set;}          
Source                    Property       string Source {get;}                                  
TimeGenerated             Property       datetime TimeGenerated {get;}                        
TimeWritten               Property       datetime TimeWritten {get;}                          
UserName                  Property       string UserName {get;}                               
EventID                   ScriptProperty System.Object EventID {get=$this.get_EventID() -ban...


If you need to see the values of the properties to help you decide which one to use, pipe a single object to Select *.
Get-EventLog -LogName Security -Newest 1 |
    Select *

EventID            : 4634
MachineName        : DC.PowerIT.com
Data               : {}
Index              : 428365
Category           : (12545)
CategoryNumber     : 12545
EntryType          : SuccessAudit
Message            : An account was logged off.
                    
                     Subject:
                         Security ID:        S-1-5-18
                         Account Name:        DC$
                         Account Domain:        POWERIT
                         Logon ID:        0x21bc1a
                    
                     Logon Type:            3
                     
                     This event is generated when a logon session is destroyed. It may be
                     positively correlated with a logon event using the Logon ID value. Logon
                     IDs are only unique between reboots on the same computer.
Source             : Microsoft-Windows-Security-Auditing
ReplacementStrings : {S-1-5-18, DC$, POWERIT, 0x21bc1a...}
InstanceId         : 4634
TimeGenerated      : 12/10/2015 10:07:45 AM
TimeWritten        : 12/10/2015 10:07:45 AM
UserName           :
Site               :
Container          : 

Once you discover the correct property name, then change your code
Get-EventLog -LogName Security -Newest 5 |
    Select-Object -Property Source, InstanceID, Timewritten 
Source                                               InstanceId TimeWritten                   
------                                               ---------- -----------                   
Microsoft-Windows-Security-A...                            4634 12/10/2015 10:06:45 AM        
Microsoft-Windows-Security-A...                            4624 12/10/2015 10:06:45 AM        
Microsoft-Windows-Security-A...                            4672 12/10/2015 10:06:45 AM        
Microsoft-Windows-Security-A...                            4634 12/10/2015 10:06:28 AM        
Microsoft-Windows-Security-A...                            4624 12/10/2015 10:06:28 AM        



Comments

Popular posts from this blog

How to list all the AD LDS instances on a server

AD LDS allows you to provide directory services to applications that are free of the confines of Active Directory.  To list all the AD LDS instances on a server, follow this procedure: Log into the server in question Open a command prompt. Type dsdbutil and press Enter Type List Instances and press Enter . You will receive a list of the instance name, both the LDAP and SSL port numbers, the location of the database, and its status.

How to run GPResult on a remote client with PowerShell

In the past, to run the GPResult command, you would need to either physically visit this client, have the user do it, or use and RDP connection.  In all cases, this will disrupt the user.  First, you need PowerShell remoting enabled on the target machine.  You can do this via Group Policy . Open PowerShell and type this command. Invoke-Command –ScriptBlock {GPResult /r} –ComputerName <ComputerName> Replace <ComputerName> with the name of the target.  Remember, the target needs to be online and accessible to you.

Error icon when creating a GPO Preference drive map

You may not have an error at all.  Take a look at the drive mapping below. The red triangle is what threw us off.  It is not an error.  It is simply a color representation of the Replace option of the Action field in the properties of the drive mappings. Create action This give you a green triangle. The Create action creates a new mapped drive for users. Replace Action The Replace action gives you a red triangle.  This action will delete and recreate mapped drives for users. The net result of the Replace action is to overwrite all existing settings associated with the mapped drive. If the drive mapping does not exist, then the Replace action creates a new drive mapping. Update Action The Update action will have a yellow triangle. Update will modify settings of an existing mapped drive for users. This action differs from Replace in that it only updates settings defined within the preference item. All other settings remain as configured on the ma...