entra-powershell icon indicating copy to clipboard operation
entra-powershell copied to clipboard
verified publisher icon microsoftgraph

🪲 Array elements not excluded using Where-Object -notcontains or -notmatch

Open deadpoint opened this issue 10 months ago • 2 comments

When piping Get-EntraGroupMember through Where-Object to exclude elements, those elements are not excluded when using the -notmatch or -notcontain parameters. When using '! with -contains' the elements are properly excluded.

Describe the bug

We have 2 Entra Groups, one called Everyone that has 1311 members, and another called Group1 that contains 44 members who are a subset of Everyone. I am attempting to exclude the members of Group1 when I retrieve the group membership of Everyone with Where-Object.

To Reproduce

Steps to reproduce the behavior:

  1. Execute Get-EntraGroupMember to retrieve the data from the Entra groups Group1 which has 44 member, a Everyone that has 1311 members. These objectID's are randomly generated.
$Group1 = Get-EntraGroupMember -all -objectid c944569a-f800-4267-b3c1-6519263001bb
$group1 | measure-object
Count             : 44

$Everyone = Get-EntraGroupMember -all -objectid 0322f04f-4f68-4b1b-81f0-27fd5f08b547
$Everyone | measure-object

Count             : 1311
  1. Pipe $Everyone thru Where-Object -notmatch and count the elements
$everyone | where-object { $_.id -notmatch $group1.id } | measure-object

Count             : 1311
  1. Pipe $Everyone thru Where-Object -notcontains and count the elements
$everyone | where-object { $_.id -notcontains $group1.id } | measure-object

Count             : 1311

Expected behavior

Here's an example of the expected behavior when using `! with -contains).

  1. Pipe $Everyone thru Where-Object ! with -contains and count the elements
$Everyone | Where-Object { !($Group1.id -contains $_.id ) } | Measure-Object

Count             : 1267

Module Version

Get-Module -Name "Microsoft*Entra*"

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     1.0.2      Microsoft.Entra.Authentication      {Add-EntraEnvironment, Connect-Entra, Disconnect-Entra, Enable-EntraAzureADAlias...}
Script     1.0.2      Microsoft.Entra.Groups              {Add-EntraGroupMember, Add-EntraGroupOwner, Add-EntraLifecyclePolicyGroup, Get-EntraDeletedGro...

Environment Data

Screenshots

Additional context

deadpoint avatar Mar 03 '25 21:03 deadpoint

What do you get for $group1.id -notcontains $_.id?

alexandair avatar Mar 03 '25 23:03 alexandair

What do you get for $group1.id -notcontains $_.id? The elements are not excluded using that syntax as well.

$everyone | where-object { $group.id -notcontains $_.id } | measure-object

Count             : 1311

deadpoint avatar Mar 04 '25 12:03 deadpoint

@deadpoint This works correctly

$everyone | where-object { $group1.id -notcontains $_.id } |  Measure-Object

KenitoInc avatar Aug 21 '25 11:08 KenitoInc