Script Repository


Output BitLocker recovery password

September 14, 2015

The script adds the BitLocker recovery password of the computer on which it is executed to the Execution Log, one entry for each recovery information object it finds. When the script runs, the Execution Log is displayed to users.

Using the script, you can, for example, create a Custom Command to display recovery passwords to users. Since recovery information is stored under computer objects in AD, the Custom Command must be one that is executed on Computer objects.

To add the script to a Custom Command, use the Run a program or PowerShell script action.
PowerShell
try
{
    # Find an object that stores BitLocker recovery information
    $searcher = $Context.TargetObject
    $searcher.SearchFilter = "(objectClass=msFVE-RecoveryInformation)"
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SetPropertiesToLoad(@("msFVE-RecoveryPassword", "name"))
    
    $searchResultIterator = $searcher.ExecuteSearch()
    $searchResults = $searchResultIterator.FetchAll()
    
    if ($searchResults.Count -eq 0)
    {
        # No BitLocker recovery information found under the current computer object
        $Context.LogMessage("This computer doesn't store its BitLocker recovery information in AD", 
            "Information") # TODO: modify me
        return
    }
    
    foreach ($searchResult in $searchResults)
    {
        $name = $searchResult.Properties["name"].Value
        $recoveryPassword = $searchResult.Properties["msFVE-RecoveryPassword"].Value
        
        $Context.LogMessage("Recovery information entry: " + $name, "Information")
        $Context.LogMessage("Recovery password: " + $recoveryPassword, "Information")
    }
}
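finally
{
    # Release resources used by the search.
    # The iterator is unset if the search failed before it was created.
    if ($searchResultIterator) { $searchResultIterator.Dispose() }
}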
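
When a computer has several recovery entries, the entry name logged by the script can be used to choose the right one. The following is an added example, not part of the original script or of the product it runs in. It assumes that entry names have the form timestamp{password ID GUID}; the function names and the sample names are constructed for illustration.

```powershell
# Added example: function names and sample values are constructed for illustration.

function ConvertFrom-RecoveryEntryName
{
    param([Parameter(Mandatory)][string]$Name)

    # Assumed form: <ISO 8601 timestamp with UTC offset>{<GUID>}
    $pattern = '^(?<stamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2})' +
               '\{(?<id>[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12})\}$'
    if ($Name -notmatch $pattern)
    {
        return   # emit nothing for names that do not follow the assumed form
    }

    [pscustomobject]@{
        Created    = [DateTimeOffset]::Parse($Matches['stamp'], [cultureinfo]::InvariantCulture)
        PasswordId = $Matches['id'].ToUpperInvariant()
    }
}

function Select-RecoveryEntry
{
    param(
        [Parameter(Mandatory)][string[]]$Names,
        [string]$KeyIdPrefix   # leading characters of the key ID the user reads out
    )

    $parsed = foreach ($n in $Names) { ConvertFrom-RecoveryEntryName -Name $n }
    if ($KeyIdPrefix)
    {
        $prefix = $KeyIdPrefix.ToUpperInvariant()
        $parsed = $parsed | Where-Object { $_.PasswordId.StartsWith($prefix) }
    }

    # Newest matching entry first
    $parsed | Sort-Object Created -Descending | Select-Object -First 1
}

# Constructed sample entry names
$sampleNames = @(
    '2015-03-02T09:15:42+01:00{11111111-AAAA-BBBB-CCCC-000000000001}',
    '2015-09-10T16:40:05+01:00{22222222-AAAA-BBBB-CCCC-000000000002}',
    'not-a-recovery-entry'
)

Select-RecoveryEntry -Names $sampleNames                          # newest entry
Select-RecoveryEntry -Names $sampleNames -KeyIdPrefix '11111111'  # entry matching a key ID
```

Logging only the selected entry instead of every entry keeps recovery passwords that are not needed out of the Execution Log.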
