Question
Wednesday, March 6, 2019 12:46 PM
I am trying to continuously export all BitLocker keys from all PCs from a designated OU.
We have created the PowerShell script provided below to run this operation. This all works fine except for the fact that only 1 Recovery ID gets piped, whereas we do get provided with multiple RecoveryPasswords. How would I go about getting all available Recovery IDs for each device?
Import-Module ActiveDirectory
function Convert-ByteArrayToHexString
{
    [CmdletBinding()] Param (
        [Parameter(Mandatory = $True, ValueFromPipeline = $True)] [System.Byte[]] $ByteArray,
        [Parameter()] [Int] $Width = 1,
        [Parameter()] [String] $Delimiter = "",
        [Parameter()] [String] $Prepend = "",
        [Parameter()] [Switch] $AddQuotes )
    if ($Width -lt 1) { $Width = 1 }
    if ($ByteArray.Length -eq 0) { Return }
    $FirstDelimiter = $Delimiter -Replace "^[\\\t]",""
    $From = 0
    $To = 3
    $String = [System.BitConverter]::ToString($ByteArray[$To..$From])
    $String -replace "-",""
}
Get-ADComputer -Filter 'ObjectClass -eq "computer"' -SearchBase "OU=blank-w10,DC=xx,DC=xxxx,DC=x" | foreach-object {
    $Computer = $_.name
    #Check if the Computer Object exists
    $Computer_Object = Get-ADComputer -Filter {cn -eq $Computer} -Property msTPM-OwnerInformation, msTPM-TpmInformationForComputer
    if($Computer_Object -eq $null){
        Write-Host "Error..."
    }
    #Check if the computer object has had a BitLocker Recovery Password
    $Bitlocker_Object = Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase $Computer_Object.DistinguishedName -Properties 'msFVE-RecoveryPassword','msFVE-RecoveryGuid'
    if($Bitlocker_Object.'msFVE-RecoveryPassword'){
        $BitLocker_Key = $BitLocker_Object.'msFVE-RecoveryPassword'
        $Bitlocker_ID = ""
        $Bitlocker_ID = $Bitlocker_Object.'msFVE-RecoveryGuid'
        $Bitlocker_ID2 = ""
        $Bitlocker_ID2 = Convert-ByteArrayToHexString $Bitlocker_ID
    }else{
        $Bitlocker_ID2 = "none"
        $BitLocker_Key = "none"
    }
    #Display Output
    Write-Host
    @{"Hostname" = $computer},
    @{"PasswordID" = $Bitlocker_ID2},
    @{"RecoveryPassword" = $BitLocker_Key}
}
All replies (3)
Wednesday, March 6, 2019 1:34 PM
Please edit your post and post only correctly formatted code using the code posting tool provided on the edit bar.
Wednesday, March 6, 2019 1:39 PM
This will help you: https://gallery.technet.microsoft.com/Backup-BitLokcer-Recovery-70ce0ab2
\(ツ)_/
Wednesday, March 6, 2019 1:41 PM
To recover all keys associated with a device you must enumerate the child objects of the device.
\(ツ)_/
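The enumeration described in the last reply, as an added example that is not part of the original thread: each `msFVE-RecoveryInformation` child object is handled on its own, so every recovery password is emitted together with its own ID. The function name `Get-BitLockerRecoveryEntry` is hypothetical and the OU is the placeholder from the question.

```powershell
Import-Module ActiveDirectory

# Placeholder OU copied from the question; replace with your own.
$SearchBase = 'OU=blank-w10,DC=xx,DC=xxxx,DC=x'

# Hypothetical helper: emits one row per recovery object stored under a computer.
function Get-BitLockerRecoveryEntry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Computer
    )
    process {
        # Every recovery password is stored as its own msFVE-RecoveryInformation
        # object directly beneath the computer object, so search one level down.
        $entries = @(Get-ADObject -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
                -SearchBase $Computer.DistinguishedName -SearchScope OneLevel `
                -Properties 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid', 'whenCreated')

        if ($entries.Count -eq 0) {
            [pscustomobject]@{
                Hostname = $Computer.Name; PasswordID = 'none'
                RecoveryPassword = 'none'; Created = $null
            }
            return
        }

        foreach ($entry in ($entries | Sort-Object whenCreated -Descending)) {
            # Guid(byte[]) applies the same byte order the question's helper
            # reproduces by hand when it reverses the first four bytes.
            $id = [guid]::new([byte[]]$entry.'msFVE-RecoveryGuid')
            [pscustomobject]@{
                Hostname         = $Computer.Name
                PasswordID       = $id.ToString().ToUpper()
                RecoveryPassword = $entry.'msFVE-RecoveryPassword'
                Created          = $entry.whenCreated
            }
        }
    }
}

# The rows contain recovery passwords: keep any exported file access-restricted.
Get-ADComputer -Filter * -SearchBase $SearchBase | Get-BitLockerRecoveryEntry
```

The newest entry for each host is listed first, which helps when a device has been re-encrypted and older recovery objects remain in the directory.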