Get the bitlocker key of a computer in Active Directory

Posted on by

Hello,

Many of us encrypt out professional laptop, some of us uses BitLocker. As you may already know, Active Directory can store the bitlocker key in a child object of the computer object wich the key belongs to.

So, you can get the bitlocker key of a computer in Active Directory with that simple PowerShell oneliner :

Get-ADComputer -Identity Computer1 | ForEach-Object -Process {Get-ADObject -SearchBase $_.DistinguishedName -Filter {objectClass -eq 'msFVE-RecoveryInformation'} -Properties 'msFVE-RecoveryPassword'}

You’ll need the ActiveDirectory PowerShell module.

Note : Microsoft provide you a GUI tool :

http://support.microsoft.com/kb/928202/en-us

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.