Get Bitlocker Recovery Key From Active Directory -

$computerName = "WS-LAPTOP-0452" $computerDN = (Get-ADComputer $computerName).DistinguishedName Get-ADObject -Filter ObjectClass -eq 'msFVE-RecoveryInformation' -SearchBase $computerDN -Properties msFVE-RecoveryPassword | Select-Object Name, msFVE-RecoveryPassword, Created

| Issue | Fix | | :--- | :--- | | | You need "Advanced Features" enabled in ADUC (View menu). | | The computer object has no child entries | BitLocker wasn't backed up to AD. Check GPO again. | | The key doesn't work | You grabbed the wrong key. Verify the Key ID on the user’s screen matches the Key ID in AD. | | PowerShell returns nothing | Run as Domain Admin. Also try -Properties * – some attributes are not visible by default. | get bitlocker recovery key from active directory