We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script Repository

Output BitLocker recovery password

February 16, 2024 Views: 4488

The script adds a BitLocker recovery password of a computer on which it is executed to the Execution Log. When the script runs, the Execution Log is displayed to users.

To execute the script, you can, for example, create a custom command to display recovery passwords to users. Since recovery information is stored in computer objects in AD, you need to create a custom command executed on Computer objects.

To add the script to a custom command, use the Run a program or PowerShell script action.
Edit Remove
# Search parameters
$searcher = $Context.TargetObject
$searcher.Criteria = New-AdmCriteria -Type "msFVE-RecoveryInformation"
$searcher.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SetPropertiesToLoad(@("msFVE-RecoveryPassword", "name"))

    # Execute search
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    if ($searchResults.Count -eq 0)
        # No BitLocker recovery information found under the current computer object
        $Context.LogMessage("This computer doesn't store its BitLocker recovery information in AD", 
            "Information") # TODO: modify me
    foreach ($searchResult in $searchResults)
        $name = $searchResult.Properties["name"].Value
        $recoveryPassword = $searchResult.Properties["msFVE-RecoveryPassword"].Value
        $Context.LogMessage("Recovery information entry: " + $name, "Information")
        $Context.LogMessage("Recovery password: " + $recoveryPassword, "Information")
    # Release resources used by the search
Comments 0
Leave a comment

Got questions?

Support Questions & Answers