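function Get-BitLockerRecoveryKeys {
    <#
    .SYNOPSIS
        Returns the BitLocker recovery key(s) stored in Active Directory for one or more computers

    .DESCRIPTION
        For each hostname, looks up the computer object in AD and reads the
        msFVE-RecoveryPassword attribute of the msFVE-RecoveryInformation objects
        found beneath it. The caller must pass the Test-IsUserDomainAdmin check;
        otherwise a warning is written and $null is returned.

        Hosts that cannot be found, or that have no recovery value, are skipped
        with a warning and do not appear in the output.

    .PARAMETER HostNames
        [string[]] The hostname or array of hostnames to return

    .OUTPUTS
        One object per resolved host with the properties HostName and RecoveryKey.
        When a computer has more than one msFVE-RecoveryInformation object,
        RecoveryKey holds all of the stored recovery passwords.

    .NOTES
        The returned values are plaintext recovery passwords. Keep them out of
        transcripts, logs and shared consoles, and hand them only to the party
        entitled to unlock the volume.

    .EXAMPLE
        Get-BitLockerRecoveryKeys "ALK-DELL1234"

    .EXAMPLE
        Get-BitLockerRecoveryKeys @("ALK-DELL1234", "ALK-DELL23456")
    #>
    [CmdletBinding()]
    [OutputType([System.Object[]])]
    param(
        [Parameter(Mandatory)]
        [Alias("Computers","ComputerNames")]
        [string[]]$HostNames
    )

    $logLead = (Get-LogLeadName)

    if (!(Test-IsUserDomainAdmin)) {
        Write-Warning "$logLead : You must have domain administrative privileges to run this command"
        return $null
    }

    [array]$hostsToCheck = $HostNames

    $recoveryKeys = @(
        foreach ($hostName in $hostsToCheck) {

            # Reset per iteration. A failed lookup aborts only the assignment
            # statement, so without the reset (and -ErrorAction Stop + catch) the
            # previous host's object would survive and its recovery key would be
            # reported under this host's name.
            $computer = $null
            try {
                $computer = Get-ADComputer -Identity $hostName -Properties DistinguishedName -ErrorAction Stop
            }
            catch {
                Write-Verbose "$logLead : Get-ADComputer failed for [$hostName]: $($_.Exception.Message)"
            }

            if ( $null -eq $computer ) {
                Write-Warning "$logLead : Unable to find host [$hostName] in AD; verify your hostname."
                continue
            }

            # Same stale-value concern as above. Only the recovery password attribute
            # is requested (instead of every property) because nothing else is used.
            $bitLockerObject = $null
            try {
                $bitLockerObject = Get-ADObject -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
                    -SearchBase $computer.DistinguishedName `
                    -Properties 'msFVE-RecoveryPassword' -ErrorAction Stop
            }
            catch {
                Write-Verbose "$logLead : Get-ADObject failed for [$hostName]: $($_.Exception.Message)"
            }

            $recoveryKey = $bitLockerObject.'msFVE-RecoveryPassword'

            if ([String]::IsNullOrEmpty($recoveryKey)) {
                Write-Warning "$logLead : Unable to retrieve BitLocker Recovery value for host: [$hostName]"
                continue
            }

            New-Object PSObject -Property @{
                HostName    = $hostName
                RecoveryKey = $recoveryKey
            }
        }
    )

    return $recoveryKeys
}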