We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script Repository

Output BitLocker recovery password

February 18, 2021 Views: 3526

The script adds a BitLocker recovery password of a computer on which it is executed to the Execution Log. When the script runs, the Execution Log is displayed to users.

Using the script, you can, for example, create a custom command to display recovery passwords to users. Since recovery information is stored in computer objects in AD, you need to create a custom command executed on Computer objects.

To add the script to a custom command, use the Run a program or PowerShell script action.
Edit Remove
PowerShell
try
{
    # Find an object that stores BitLocker recovery information
    $searcher = $Context.TargetObject
    $searcher.SearchFilter = "(objectClass=msFVE-RecoveryInformation)"
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SetPropertiesToLoad(@("msFVE-RecoveryPassword", "name"))
    
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    
    if ($searchResults.Count -eq 0)
    {
        # No BitLocker recovery information found under the current computer object
        $Context.LogMessage("This computer doesn't store its BitLocker recovery information in AD", 
            "Information") # TODO: modify me
        return
    }
    
    foreach ($searchResult in $searchResults)
    {
        $name = $searchResult.Properties["name"].Value
        $recoveryPassword = $searchResult.Properties["msFVE-RecoveryPassword"].Value
        
        $Context.LogMessage("Recovery information entry: " + $name, "Information")
        $Context.LogMessage("Recovery password: " + $recoveryPassword, "Information")
    }
}
finally
{
    # Release resources used by the search
    $searchResultIterator.Dispose()
}
Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers