We are having problems with the report "Computer: BitLocker recovery keys found in AD". We can verify manually that Computer Objects in AD have BitLocker keys stored, but this report still shows up blank. After working with Lansweeper Support we've learned that the command they use to capture these keys from AD is this:
Get-ADComputer 'your_computer'| Get-ADObject -properties * | Select-Object distinguishedname, msFVE-REcoveryPassword, whencreated
When we run that command directly on any of our machines the msFVE-RecoveryPassword field is blank.
There is an alternate command that does return the key correctly:
$objComputer=get-ADComputer computername; Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase $objComputer.DistinguishedName -Properties 'msFVE-RecoveryPassword' | select msFVE-RecoveryPassword
We have been told by support that this will be entered as a feature request, but that since the current command works for most other customers there might not be any interest in making this change.
Does the report and original command work properly for anyone else, or is everyone else just ignoring this report because its broken?
