
@junecastillote
Last active September 10, 2023 10:02
Get BitLocker Recovery Password from AD
# Get-BitLockerRecoveryPassword.ps1

<#
.SYNOPSIS
Looks up BitLocker recovery information (msFVE-RecoveryInformation objects) in
Active Directory, either by computer name or by Password ID prefix.

.PARAMETER ComputerName
Identity of the AD computer whose recovery information is searched for.
Selects the 'byComputerName' parameter set (the default).

.PARAMETER KeyID
The first 8 characters of the Password ID. Selects the 'byKeyId' parameter set.

.NOTES
The object this script emits carries the recovery password in clear text, so
keep its output out of transcripts and shared logs.
#>
[CmdletBinding(DefaultParameterSetName = 'byComputerName')]
param (
    [Parameter(Mandatory = $true, ParameterSetName = 'byComputerName')]
    [string]$ComputerName,

    [Parameter(Mandatory = $true, ParameterSetName = 'byKeyId')]
    [string]$KeyID
)
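# Lookup by computer name: resolve the computer object first, then search
# beneath its distinguished name for BitLocker recovery objects.
if ($PSCmdlet.ParameterSetName -eq 'byComputerName') {
    try {
        $computerObj = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

        # Request only the recovery password attribute instead of every
        # attribute of the object; DistinguishedName is returned by default.
        $blObj = Get-ADObject -Filter { objectclass -eq 'msFVE-RecoveryInformation' } `
            -SearchBase $computerObj.DistinguishedName `
            -Properties 'msFVE-RecoveryPassword' `
            -ErrorAction Stop
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        "The AD computer [$($ComputerName)] is not found." | Out-Default
    }
    catch {
        # Surface any other failure (for example an unreachable server or a
        # denied read) as a non-terminating error. Swallowing it would make a
        # failed lookup indistinguishable from "no recovery key stored".
        Write-Error -ErrorRecord $_
    }
}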
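# Lookup by Password ID prefix: match recovery objects whose CN contains
# "{<KeyID>".
if ($PSCmdlet.ParameterSetName -eq 'byKeyId') {
    # Accept exactly eight hexadecimal characters. The value ends up inside a
    # -like pattern, so a plain length check would let wildcard characters
    # widen the search to recovery objects the caller did not ask for.
    if ($KeyID -match '^[0-9A-Fa-f]{8}\z') {
        # Build the pattern in its own variable rather than overwriting the
        # bound parameter.
        $cnPattern = "*{$($KeyID)*"

        # Request only the recovery password attribute instead of every
        # attribute of the object; DistinguishedName is returned by default.
        $blObj = Get-ADObject -Filter { objectclass -eq 'msFVE-RecoveryInformation' -and CN -like $cnPattern } `
            -Properties 'msFVE-RecoveryPassword'
    }
    else {
        "The KeyId must be exactly the first 8 characters of the Password ID." | Out-Default
    }
}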
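# Emit one result object per recovery entry. A search can return several
# msFVE-RecoveryInformation objects; handling them as a single value would mix
# their distinguished names and passwords into one record.
if ($blObj) {
    foreach ($entry in @($blObj)) {
        $dn = $entry.DistinguishedName

        [PSCustomObject]([ordered]@{
                # Second RDN of the recovery object's DN, with the 'CN=' prefix removed.
                'Computer Name'     = ($dn -split ',')[1].Replace('CN=', '')
                # Text between the first '{' and the next '}' in the DN.
                'Password ID'       = [regex]::Match($dn, '\{(.*?)\}').Groups[1].Value
                # Clear-text recovery password; treat the output as a secret.
                'Recovery Password' = $entry.'msFVE-RecoveryPassword'
            })
    }
}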