Get the BitLocker key of a computer in Active Directory

Hello,

Many of us encrypt our professional laptops, and some of us use BitLocker. As you may already know, Active Directory can store the BitLocker key in a child object of the computer object to which the key belongs.

So, you can get the BitLocker key of a computer in Active Directory with this simple PowerShell one-liner:

Get-ADComputer -Identity Computer1 | ForEach-Object -Process {Get-ADObject -SearchBase $_.DistinguishedName -Filter {objectClass -eq 'msFVE-RecoveryInformation'} -Properties 'msFVE-RecoveryPassword'}

You’ll need the ActiveDirectory PowerShell module.

Note: Microsoft also provides a GUI tool:

http://support.microsoft.com/kb/928202/en-us
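
A computer can hold several msFVE-RecoveryInformation child objects (one per escrowed key), so the one-liner may return more than one password. The function below is an added example, not part of the original post: it lists every key with its creation date and can match the key ID shown on the BitLocker recovery screen. The function name, the parameter names and the sample prefix are assumptions, and it relies on the child object's name having the form date{key ID GUID}.

```powershell
#Requires -Modules ActiveDirectory

# Added example. Get-BitLockerRecoveryKey is a hypothetical helper name.
function Get-BitLockerRecoveryKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName,

        # Optional: first 8 hex characters of the key ID from the recovery screen.
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$KeyIdPrefix
    )

    # Fail early if the computer object does not exist.
    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Recovery information objects are direct children of the computer object.
    $keys = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter {objectClass -eq 'msFVE-RecoveryInformation'} `
        -Properties 'msFVE-RecoveryPassword', 'whenCreated'

    if (-not $keys) {
        # Nothing returned: no key was escrowed, or this account cannot read these objects.
        Write-Warning "No recovery information returned for $($computer.Name)."
        return
    }

    $keys | ForEach-Object {
        # Assumption: the object name looks like <timestamp>{<key ID GUID>}.
        $keyId = if ($_.Name -match '\{([0-9A-Fa-f-]{36})\}') { $Matches[1].ToUpper() } else { $null }
        [pscustomobject]@{
            Computer         = $computer.Name
            Created          = $_.whenCreated
            KeyId            = $keyId
            RecoveryPassword = $_.'msFVE-RecoveryPassword'
        }
    } |
        Where-Object { -not $KeyIdPrefix -or ($_.KeyId -and $_.KeyId.StartsWith($KeyIdPrefix.ToUpper())) } |
        Sort-Object -Property Created -Descending   # newest key first
}

# '1A2B3C4D' is a constructed sample prefix, not a real key ID.
Get-BitLockerRecoveryKey -ComputerName 'Computer1' -KeyIdPrefix '1A2B3C4D'
```

The output contains recovery passwords in clear text, so run it only from an account delegated for key recovery and avoid writing the result to transcripts or shared logs.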

 
