Wednesday, July 16, 2014

Export Bitlocker recovery keys from AD using PowerShell

This exports a list of BitLocker recovery keys from AD. Found it somewhere on the web.



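#Load the Quest ActiveRoles AD cmdlets (Connect-QADService, Get-QADObject)
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue

#Prompt for the AD account to connect with
$Creds = Get-Credential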

#Connect to DC
Connect-QADService -service "dc01.domain.local:389" -credential $Creds

#Custom variables
$CsvFilePath = "C:\temp\BitLockerComputerReport.csv"

#Create array to hold computer information
$export = @()

#Collect every BitLocker recovery object (msFVE-RecoveryInformation) stored in AD
$BitLockerEnabled = Get-QADObject -SizeLimit 0 -IncludedProperties Name,ParentContainer,msFVE-RecoveryPassword | Where-Object {$_.type -eq "msFVE-RecoveryInformation"} | Foreach-Object {

    #Create custom object for each recovery entry
    $computerobj = New-Object -TypeName psobject

    #Add computer name (leaf of the parent container) and recovery password to the custom object
    $computerobj | Add-Member -MemberType NoteProperty -Name Name -Value (Split-Path -Path $_.ParentContainer -Leaf)
    $computerobj | Add-Member -MemberType NoteProperty -Name "msFVE-RecoveryPassword" -Value $_."msFVE-RecoveryPassword"

    $export += $computerobj
}

#Export the array with computer information to the path set in $CsvFilePath
$export | Export-Csv -Path $CsvFilePath -NoTypeInformation
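
The CSV written above holds every recovery password in plain text, and a folder created under C:\ inherits read access for local users by default. The following is an added example, not part of the original script, that creates the file with an ACL limited to the account running the export before any key is written; Protect-ExportFile and Get-ExportFileReaders are hypothetical helper names, and the sample row is constructed.

```powershell
# Added example, not from the original post. Helper names are hypothetical.
$CsvFilePath = "C:\temp\BitLockerComputerReport.csv"   # same path as the script above

function Protect-ExportFile {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Create the empty file first so the ACL is in place before any key is written
    New-Item -Path $Path -ItemType File -Force | Out-Null

    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $acl = Get-Acl -Path $Path

    # Stop inheriting from the parent folder and discard the inherited entries
    $acl.SetAccessRuleProtection($true, $false)

    # Remove any explicit entries, then grant access to the current account only
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)
    }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, "FullControl", "Allow")
    $acl.AddAccessRule($rule)

    Set-Acl -Path $Path -AclObject $acl
}

function Get-ExportFileReaders {
    param([Parameter(Mandatory = $true)][string]$Path)
    # List every identity that still has an entry on the file
    (Get-Acl -Path $Path).Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
}

Protect-ExportFile -Path $CsvFilePath

# Constructed sample row standing in for $export; the password is a placeholder, not a real key
$export = @([pscustomobject]@{
    Name                     = "PC001"
    "msFVE-RecoveryPassword" = "000000-000000-000000-000000-000000-000000-000000-000000"
})

# Export-Csv overwrites the content of the existing file; the restricted ACL stays on it
$export | Export-Csv -Path $CsvFilePath -NoTypeInformation

# Show which identities can still access the export
Get-ExportFileReaders -Path $CsvFilePath
```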


