BitLocker encrypted? Reporting on BitLocker machine account properties

Query for BitLocker recovery keys (properties of machines) and then get the owner of each key, using the useful (and free) Quest ActiveRoles cmdlets.

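# Load the Quest ActiveRoles snap-in (ignore the error if it is already loaded)
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
# OU that holds the workstation accounts to check
$DesktopsOU = "OU=Win7,OU=Workstations,DC=companyname,DC=com"
# Find every msFVE-RecoveryInformation object under the OU and list the unique names of the parent (computer) objects
Get-QADObject -SizeLimit 0 -IncludedProperties Name,ParentContainer -SearchRoot $DesktopsOU | Where-Object {$_.Type -eq "msFVE-RecoveryInformation"} | ForEach-Object {Split-Path -Path $_.ParentContainer -Leaf} | Select-Object -Unique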

The following page links to a script which will give you a CSV report

Your account needs read access to the BitLocker recovery key properties on machine accounts: msFVE-RecoveryInformation
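An added example, not from the original post or the linked script: a CSV report of which computers in the OU have a recovery key escrowed in AD and which do not. It uses the ActiveDirectory (RSAT) module in place of the Quest snap-in, and the $ReportPath file name is an assumption.

```powershell
# Added example: ActiveDirectory (RSAT) module instead of the Quest snap-in.
Import-Module ActiveDirectory

$DesktopsOU = "OU=Win7,OU=Workstations,DC=companyname,DC=com"  # OU from the post
$ReportPath = ".\bitlocker-escrow-report.csv"                   # assumed output file

# One subtree query for all recovery objects. Only whenCreated is requested;
# the msFVE-RecoveryPassword attribute is never read.
$recovery = Get-ADObject -SearchBase $DesktopsOU -SearchScope Subtree `
    -Filter "objectClass -eq 'msFVE-RecoveryInformation'" -Properties whenCreated

# Each recovery object is a child of its computer account, so the parent DN
# is everything after the first unescaped comma.
$byComputer = @{}
foreach ($r in $recovery) {
    $parentDN = ($r.DistinguishedName -split '(?<!\\),', 2)[1]
    if (-not $byComputer.ContainsKey($parentDN)) { $byComputer[$parentDN] = @() }
    $byComputer[$parentDN] += $r
}

# Walk every computer in the OU, including those with no recovery object.
$report = Get-ADComputer -SearchBase $DesktopsOU -Filter * | ForEach-Object {
    $keys = @()
    if ($byComputer.ContainsKey($_.DistinguishedName)) { $keys = $byComputer[$_.DistinguishedName] }
    $newest = $null
    if ($keys.Count -gt 0) { $newest = @($keys | Sort-Object whenCreated)[-1].whenCreated }
    [pscustomobject]@{
        Computer     = $_.Name
        KeyEscrowed  = ($keys.Count -gt 0)
        RecoveryKeys = $keys.Count
        NewestKey    = $newest
    }
}

$report | Sort-Object KeyEscrowed, Computer | Export-Csv -Path $ReportPath -NoTypeInformation

# Computers with no escrowed key: candidates for follow-up.
$report | Where-Object { -not $_.KeyEscrowed } | Select-Object -ExpandProperty Computer
```

A computer listed without an escrowed key has no recovery object stored under its account in AD; it may still be encrypted with its key backed up elsewhere.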
