top of page

PowerShell | Bit Locker Key in AD

<#
Summary:  
          Query AD for enabled Windows 10 computer objects
          Loop through items and query computer ADObject for Bitlocker Key
          Export computer name and key created time to text file
          Created so that we can see if Computers don't have recovery key 

Author:   Scott Head
Date:     02/09/2022
Version:  1.0
#>

#Get Computer List From AD
$Computer = Get-ADComputer -Properties * -Filter {(Enabled -eq $True) -and (OperatingSystem -Like "WIndows 10*") -and (OperatingSystemVersion -ne "10.0 (17134)")} | Select Name,DistinguishedName

#Loop through comptuers
Foreach($Comp in $Computer){    
    $Info =""

    #Get Bitlocker Recovery Key
    $Info=Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -SearchBase $comp.DistinguishedName -Properties whenCreated, msFVE-RecoveryPassword  | Select -ExpandProperty whenCreated
   
#Export to Text File 
    "$($Comp.Name) | $($Info)" | Tee-Object C:\temp\Keys.txt -Append
}

bottom of page