A. To
Reputation: 21
Retrieving Bitlocker Recovery Keys from AD
Fairly new to Powershell, I managed to get the following code to retrieve the Bitlocker key for computers in the domain, however, I have an issue with it:
Clear-Host
$TestOU = "OU=ABC,DC=XYZ,DC=com"
$PCs = Get-ADComputer -Filter * -SearchBase $TestOU
$Results = ForEach ($Computer in $PCs)
{
New-Object PSObject -Property @{
ComputerName = $Computer.Name
RecoveryPassword = Get-ADObject -Filter 'objectclass -eq "msFVE-
RecoveryInformation"' -SearchBase $computer.DistinguishedName -Properties
msFVE-RecoveryPassword,whencreated | sort whencreated -Descending | select
msfve-recoverypassword
}
}
$Results
My output for each password begins with {a{msfve-recoverypassword= and I'm not sure how to remove this.
Upvotes: 2
Views: 19336
Answers (1)
Koraktor
Reputation: 42923
The following code gives useful output for human consumption in the shell, but may also be used in a script:
$computer = Get-ADComputer $computerName
Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -SearchBase $computer.DistinguishedName -Properties whenCreated, msFVE-RecoveryPassword | `
Sort whenCreated -Descending | Select whenCreated, msFVE-RecoveryPassword
Upvotes: 1
Related Questions
- How to open BitLocker Drive Encryption windows using PowerShell
- Trying to back up my Bitlocker Key to ADDS Through Script
- How do I get a specific value from a line in powershell
- Test Lock Status with Get-BitLockerVolume
- Powershell & bcdedit: Identify recovery partitions
- Return key path from Registry Using Powershell
- Powershell script to check Bitlocker Status and email if Off
- Activate Bitlocker on external drive with powershell
- Determine Bitlocker version with PowerShell
- Automate the process of How to backup Bitlocker recovery information in AD