BLRecoveryPassword.psm1
|
function Get-RecoveryPassword { <# .SYNOPSIS Get the BitLocker recovery password from Active Directory .DESCRIPTION .NOTES .LINK .EXAMPLE Get the BitLocker recovery password for FOO-BAR machine PS> Get-RecoveryPassword -Machine FOO-BAR .EXAMPLE Get the BitLocker recovery password for FOO-BAR and save it to your desktop PS> Get-RecoveryPassword -Machine ABC-001 -SaveToDesktop #> [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string]$Machine, [Parameter(Mandatory = $false)] [switch]$SaveToDesktop ) $RSAT = Get-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools*" -ErrorAction Ignore if ($RSAT.State -eq "NotPresent") { Write-Host "`nInstalling RSAT DS-LDS Tools. Please wait..`n" -ForegroundColor Green Get-WindowsCapability -Online -Name "Rsat.ActiveDirectory.DS-LDS.Tools*" | Add-WindowsCapability -Online } $Cred = Get-Credential $SearchBase = (Get-AdComputer -Identity $Machine).DistinguishedName $Recovery = Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -SearchBase $SearchBase -Properties whenCreated, msFVE-RecoveryPassword -Credential $Cred | Sort-Object -Property whenCreated -Descending | Select-Object -Property whenCreated, msFVE-RecoveryPassword $Recovery if ($SaveToDesktop) { $Recovery | Out-File -FilePath "~\Desktop\$Machine - RecoveryPassword.txt" -Force } } Export-ModuleMember -Function Get-RecoveryPassword |