PowerShell Find Computers in AD with Stored Bitlocker Keys

Posted by admin | Apr 14, 2022 | All, Microsoft | 0 |

This command will find all the machines that have a bitlocker key backed up to AD from the Companies OU and outputs the list to C:\Temp\bitlocker.log

No keys are exposed this only lists the machines that contain bitlocker data

Get-ADObject -Filter {ObjectClass -eq 'msFVE-RecoveryInformation'} -SearchBase 'OU=Companies,DC=Contoso,DC=local' > C:\Temp\bitlocker.log

Here is the opposite of that command to find objects that don’t have the key stored:

Get-ADObject -Filter {ObjectClass -ne 'msFVE-RecoveryInformation'} -SearchBase 'OU=Companies,DC=Contoso,DC=local'

This below Powershell script will force a backup of the system drive bitlocker key to Active Directory

$BitVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive

$RecoveryKey = $BitVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryKey.KeyProtectorID

BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryKey.KeyProtectorID

Reference:
https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-adobject?view=windowsserver2022-ps
https://theitbros.com/config-active-directory-store-bitlocker-recovery-keys/

About The Author

admin

Categories

Recent Posts

Power Automate Using SharePoint Actions instead of OneDrive Actions April 11, 2023
Using Power Automate to Populate a Word Template April 4, 2023
Dynamics CRM 365 get and set values for different data types with Java Script March 14, 2023
Power Automate Archive Folder from One Document Library to Another March 9, 2023
How to read Electronic Schematics January 25, 2023