PowerShell | Bit Locker Key in AD
<#
Summary:
Query AD for enabled Windows 10 computer objects
Loop through items and query computer ADObject for Bitlocker Key
Export computer name and key created time to text file
Created so that we can see if Computers don't have recovery key
Author: Scott Head
Date: 02/09/2022
Version: 1.0
#>
#Get Computer List From AD
$Computer = Get-ADComputer -Properties * -Filter {(Enabled -eq $True) -and (OperatingSystem -Like "WIndows 10*") -and (OperatingSystemVersion -ne "10.0 (17134)")} | Select Name,DistinguishedName
#Loop through comptuers
Foreach($Comp in $Computer){
$Info =""
#Get Bitlocker Recovery Key
$Info=Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -SearchBase $comp.DistinguishedName -Properties whenCreated, msFVE-RecoveryPassword | Select -ExpandProperty whenCreated
#Export to Text File
"$($Comp.Name) | $($Info)" | Tee-Object C:\temp\Keys.txt -Append
}