Wednesday, March 22, 2017

Retrieve BitLocker Recovery Password Information PowerShell

Hi folks,

I have recently spent quite some time investigating BitLocker technology and implementing it for Exchange servers to protect the drives of those servers, in line with Microsoft's preferred architecture, about which you can read here. You can also read this article on how to plan and implement BitLocker. Apart from that I will not comment much on the subject itself, because it is covered there quite well.

When configuring BitLocker on your computer or server drives you can choose to back up your recovery passwords to AD. This is very handy, as you can easily retrieve them from AD when needed, and if access to your AD environment is tightened well enough you can keep them secure. Keep in mind that whoever can read the msFVE-RecoveryInformation objects can unlock the drives, so read permission on those objects should be delegated as narrowly as possible (by default only Domain Admins have it).

Now, how do you check whether your BitLocker keys have been backed up to AD or not? Obviously you can do it with the ADUC tool (the BitLocker Recovery tab of the computer object, once the BitLocker Recovery Password Viewer feature is installed). However, if you want a dump of these keys for many machines, ADUC is not a very handy tool. After some investigation I found these articles, which were the major sources of my inspiration. Building on them, I put together the code below, which retrieves information on the recovery keys from AD and dumps it to a CSV file that can later be processed in Excel. Note that the report lists the recovery information objects themselves: each object's name carries the backup timestamp and the Password ID that manage-bde shows for the protector, while the 48-digit recovery password lives in the msFVE-RecoveryPassword attribute and is not written out by this script.

Import-Module ActiveDirectory
$usrInput = (Get-WmiObject Win32_ComputerSystem).Name
$objComputer = Get-ADComputer $usrInput
# Recovery information objects are children of the computer object, so search only under its DN
# instead of scanning the whole directory and matching by name (which is slow and would also match "SRV1" against "SRV10").
$objADObject = Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -SearchBase $objComputer.DistinguishedName
$objADObject | Select-Object DistinguishedName, Name, ObjectClass | Export-Csv -NoTypeInformation D:\Scripts\RecPwd-Report.csv
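Going one step beyond the single-machine check above, here is an added example (my own code, not part of the original post) that walks every computer object under an OU and reports which ones have no escrowed recovery information at all, which is usually the question an auditor asks first. It assumes the RSAT ActiveDirectory module is installed and that the caller has been granted read access to the msFVE-RecoveryInformation objects; the function name, the OU path and the output path are placeholders for your own environment. The 48-digit password is withheld from the output unless you explicitly ask for it, so the routine status report can be shared without turning the CSV into a master key ring.

```powershell
# Added example, not code from the original post. Assumes RSAT ActiveDirectory and read
# access to msFVE-RecoveryInformation objects. Function name, OU and paths are placeholders.
Import-Module ActiveDirectory

function Get-BitLockerEscrowReport {
    [CmdletBinding()]
    param(
        # OU to audit, e.g. "OU=Servers,DC=contoso,DC=com" (placeholder)
        [Parameter(Mandatory = $true)] [string] $SearchBase,
        # Only set this when you really need the 48-digit recovery password in the output
        [switch] $IncludePassword
    )

    $computers = Get-ADComputer -Filter * -SearchBase $SearchBase -Properties OperatingSystem

    foreach ($c in $computers) {
        # Recovery information objects are children of the computer object, so search only
        # under the computer's own DN. This avoids a full-directory scan and the substring
        # problem of a name match ("SRV1" would also match "SRV10").
        $recInfo = Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                                -SearchBase $c.DistinguishedName `
                                -Properties 'msFVE-RecoveryPassword', whenCreated

        if (-not $recInfo) {
            # No escrowed key at all: flag it so it stands out in the report.
            [pscustomobject]@{
                Computer         = $c.Name
                OperatingSystem  = $c.OperatingSystem
                PasswordId       = $null
                Escrowed         = $null
                RecoveryPassword = $null
                Status           = 'NO RECOVERY INFO IN AD'
            }
            continue
        }

        foreach ($r in $recInfo) {
            # The object name is "<backup timestamp>{<Password ID>}". The Password ID is what
            # manage-bde -protectors -get shows and what a help-desk operator is asked for,
            # so it is safe to list; the password itself is withheld unless requested.
            $passwordId = if ($r.Name -match '\{([0-9A-Fa-f-]+)\}$') { $Matches[1].ToUpper() } else { $null }
            $secret = if ($IncludePassword) { $r.'msFVE-RecoveryPassword' } else { '<withheld>' }

            [pscustomobject]@{
                Computer         = $c.Name
                OperatingSystem  = $c.OperatingSystem
                PasswordId       = $passwordId
                Escrowed         = $r.whenCreated
                RecoveryPassword = $secret
                Status           = 'OK'
            }
        }
    }
}

# Usage: status-only report (no passwords written to disk), then list the gaps on screen.
$report = Get-BitLockerEscrowReport -SearchBase 'OU=Servers,DC=contoso,DC=com'
$report | Export-Csv -NoTypeInformation -Path 'D:\Scripts\BitLocker-Escrow-Report.csv'
$report | Where-Object { $_.Status -ne 'OK' } | Format-Table Computer, OperatingSystem, Status
```

A machine can legitimately have several recovery information objects (one per protector, and a new one each time the protector is rotated), so do not treat multiple rows per computer as an error; what matters is that at least one exists and that its timestamp is recent enough to match the current protector on the disk. If you do run it with -IncludePassword, treat the resulting CSV exactly as you would treat the recovery passwords themselves and delete it when you are done.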

I hope you will find this little script useful in your BitLocker adventures, as it applies to any domain-joined Windows Server or client box.