ps/Modules/Alkami.DevOps.SystemEngineering/Public/Get-BitLockerRecoveryKeys.ps1

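function Get-BitLockerRecoveryKeys {
    <#
    .SYNOPSIS
        Returns the BitLocker recovery key for a computer
    .DESCRIPTION
        Looks up each host in Active Directory and returns the value of the
        msFVE-RecoveryPassword attribute stored on the msFVE-RecoveryInformation
        objects beneath the computer object. Caller must have domain admin rights.
    .PARAMETER HostNames
        [string[]] The hostname or array of hostnames to return
    .OUTPUTS
        One object per host for which a key was found, with the properties
        HostName and RecoveryKey. RecoveryKey holds several values when the
        computer object has more than one recovery-information child object.
        Returns $null when the caller fails the domain admin check.
    .NOTES
        The output contains plaintext recovery passwords. Treat it as a secret:
        do not write it to logs, transcripts or tickets, and hand it only to the
        person performing the recovery. The Test-IsUserDomainAdmin check gives an
        early, readable failure; access to the recovery objects is governed by
        the Active Directory permissions on them.
    .EXAMPLE
        Get-BitLockerRecoveryKeys "ALK-DELL1234"
    .EXAMPLE
        Get-BitLockerRecoveryKeys @("ALK-DELL1234", "ALK-DELL23456")
    #>
    [CmdletBinding()]
    [OutputType([System.Object[]])]
    param(
        [Parameter(Mandatory)]
        [Alias("Computers","ComputerNames")]
        [string[]]$HostNames
    )

    $logLead = (Get-LogLeadName)

    if (!(Test-IsUserDomainAdmin)) {
        Write-Warning "$logLead : You must have domain administrative privileges to run this command"
        return $null
    }

    [array]$hostsToCheck = $HostNames

    $recoveryKeys = @(foreach ($hostName in $hostsToCheck) {

        # Reset per iteration. Get-ADComputer raises an error instead of returning
        # $null for an unknown identity, so without the reset and the try/catch a
        # failed lookup would either abort the loop or leave the previous host's
        # object in $computer and attribute that host's key to this hostname.
        $computer = $null
        $bitLockerObject = $null

        try {
            $computer = Get-ADComputer $hostName -Properties DistinguishedName -ErrorAction Stop
        }
        catch {
            $computer = $null
        }

        if ($null -eq $computer) {
            Write-Warning "$logLead : Unable to find host [$hostName] in AD; verify your hostname."
            continue
        }

        try {
            # Request only the attribute that is returned to the caller rather than
            # every property of the recovery object.
            $bitLockerObject = Get-ADObject -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
                -SearchBase $computer.DistinguishedName `
                -Properties 'msFVE-RecoveryPassword' -ErrorAction Stop
        }
        catch {
            $bitLockerObject = $null
        }

        $recoveryKey = $bitLockerObject.'msFVE-RecoveryPassword'

        if ([String]::IsNullOrEmpty($recoveryKey)) {
            # The warning names the host only; the key itself is never written to a stream.
            Write-Warning "$logLead : Unable to retrieve BitLocker Recovery value for host: [$hostName]"
            continue
        }

        New-Object PSObject -Property @{
            HostName    = $hostName
            RecoveryKey = $recoveryKey
        }
    })

    return $recoveryKeys
}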