cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Arrow7451
Engaged Sweeper

We are having problems with the report "Computer: BitLocker recovery keys found in AD". We can verify manually that Computer Objects in AD have BitLocker keys stored, but this report still shows up blank. After working with Lansweeper Support we've learned that the command they use to capture these keys from AD is this:

Get-ADComputer 'your_computer'| Get-ADObject -properties * | Select-Object distinguishedname, msFVE-REcoveryPassword, whencreated

When we run that command directly on any of our machines the msFVE-RecoveryPassword field is blank.

There is an alternate command that does return the key correctly:

$objComputer=get-ADComputer computername; Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase $objComputer.DistinguishedName -Properties 'msFVE-RecoveryPassword' | select msFVE-RecoveryPassword

We have been told by support that this will be entered as a feature request, but that since the current command works for most other customers there might not be any interest in making this change.

Does the report and original command work properly for anyone else, or is everyone else just ignoring this report because its broken?

0 REPLIES 0