: On your Domain Controller, ensure the BitLocker Drive Encryption feature and BitLocker Recovery Password Viewer are installed via Server Manager .
To retrieve BitLocker recovery keys for all computers in AD, use the following command:
if ($recoveryInfo) foreach ($key in $recoveryInfo) [PSCustomObject]@ ComputerName = $computer.Name RecoveryKeyID = $key.Name RecoveryPassword = $key.msFVE-RecoveryPassword CreatedDate = $key.whenCreated
| AD Attribute | Description | |--------------|-------------| | msFVE-RecoveryPassword | The 48-digit numeric recovery password | | msFVE-RecoveryGuid | Unique identifier for the recovery key | | msFVE-VolumeGuid | GUID of the encrypted volume | | msFVE-KeyPackage | Encrypted key package (if stored) |
: On your Domain Controller, ensure the BitLocker Drive Encryption feature and BitLocker Recovery Password Viewer are installed via Server Manager .
To retrieve BitLocker recovery keys for all computers in AD, use the following command:
if ($recoveryInfo) foreach ($key in $recoveryInfo) [PSCustomObject]@ ComputerName = $computer.Name RecoveryKeyID = $key.Name RecoveryPassword = $key.msFVE-RecoveryPassword CreatedDate = $key.whenCreated
| AD Attribute | Description | |--------------|-------------| | msFVE-RecoveryPassword | The 48-digit numeric recovery password | | msFVE-RecoveryGuid | Unique identifier for the recovery key | | msFVE-VolumeGuid | GUID of the encrypted volume | | msFVE-KeyPackage | Encrypted key package (if stored) |