Powershell New-Object Constructor was not found within loop

Question

I'm struggling with the below code. I'm trying to get a security eventlog via powershell into an array and selecting only the values I'm interested in. In the next step I want to loop through this array and write those values in a human readable log. Everything is coming together nicely except translating an SID to an Account Name within the loop.

This is what I'm doing:

$eventID = 4732

$log = @( Get-EventLog -LogName security -InstanceId $eventID | Select-Object -Property EventID,EntryType,TimeGenerated,
            @{n="AccountName";e = {$_.replacementstrings[1]}},
            @{n="GroupName";e = {$_.replacementstrings[2]}},
            @{n="AdminName";e = {$_.replacementstrings[6]}}
            @{n="DomainName";e = {$_.replacementstrings[3]}}
        )

After this I want to translate the SID which I get from the eventlog to an actual accountname. I'm doing this by looping through all the entries and send them to the output.

$log | ForEach-Object {  

    ((New-Object System.Security.Principal.SecurityIdentifier ($_.AccountName)).Translate( [System.Security.Principal.NTAccount])).Value
}

Output I'm getting is the actual verified account name, which tells me the code works. Except it also gives me the following error:

New-Object : A constructor was not found. Cannot find an appropriate constructor for type System.Security.Principal.Sec
urityIdentifier.
At line:3 char:3
+ ((New-Object System.Security.Principal.SecurityIdentifier ($_.Account ...
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [New-Object], PSArgumentException
    + FullyQualifiedErrorId : CannotFindAppropriateCtor,Microsoft.PowerShell.Commands.NewObjectCommand

The weirdest part is when I call the code outside of the loop, it works:

((New-Object System.Security.Principal.SecurityIdentifier ($log.AccountName[0])).Translate( [System.Security.Principal.NTAccount])).Value

But as I won't know how many entries the array will have I need it to work within a loop. Am I doing something wrong?

I know there are probably more ways to do this, but I just want to comprehend what and why it's happening. Thanks to anyone who can help.

Answer 1

Your @() is useless but this does not cause the error, Get-EventLog will retrieve results into an array already.

You have forgot a coma at the end of the line @{n="AdminName";e = {$_.replacementstrings[6]}}

$eventID = 4732

$log = Get-EventLog -LogName security -InstanceId $eventID | Select-Object -Property EventID,EntryType,TimeGenerated,
        @{n="AccountName";e = {$_.replacementstrings[1]}},
        @{n="GroupName";e = {$_.replacementstrings[2]}},
        @{n="AdminName";e = {$_.replacementstrings[6]}},
        @{n="DomainName";e = {$_.replacementstrings[3]}}

$log | ForEach-Object {  
    ((New-Object System.Security.Principal.SecurityIdentifier($_.AccountName)).Translate([System.Security.Principal.NTAccount])).Value
   }