Powershell (v2) - Select-Object: -ExpandProperty

This morning I was looking at an Experts Exchange article which had this command courtesy of Chris Dent,

Get-Acl $Target | Select-Object -ExpandProperty Access | ForEach-Object { $_.IdentityReference.Value } | Get-Unique

As I read through it I wanted to see exactly what this did, so, I went through the command piece by piece. First, I did this:

Get-Acl C:\test

It returned this:

Directory: Microsoft.PowerShell.Core\FileSystem::C:\


Path Owner Access
---- ----- ------
test BUILTIN\Administrators BUILTIN\Administrators Allow FullCo...

Next, I added the | Select-Object access cmdlet to the pipeline. It now showed

Access
------
{System.Security.AccessControl.FileSystemAccessRule, System.Security.AccessControl.FileSystemAccessRule, System.Secu...

Great, I thought, another set of properties. What I didn't realize is that I was going to finally figure out something I should have know months ago: the beauty of -ExpandProperty. When I added this new parameter I saw the light bulb click on:

Get-Acl C:\test | Select-Object -ExpandProperty Access


FileSystemRights : FullControl
AccessControlType : Allow
IdentityReference : BUILTIN\Administrators
IsInherited : True
InheritanceFlags : None
PropagationFlags : None

Using -ExpandProperty iterates through a collection of object members. This only works if you are passing a collection to the Select-Object cmdlet's -ExpandProperty parameter. For instance, the following will still return a single value,

dir C:\test | Select-Object -ExpandProperty Name

because name is a deterministic property with a one-to-one mapping. This is good to know because you can use -ExpandProperty on an object that may have one or more member without fear of it blowing up if it only receives a singleton.  So instead of having to create some iteration code to enumeration this collection's members, just use -ExpandProperty.