I am not sure how to get this worked out. I have a PowerShell script that gets all computers in an OU that have a BitLocker key. I am trying to get all keys if they have one or not. I cannot find what to adjust. I have tried if statements and everything.
So if the computer has a key, I want the computer name and key. Then I want the computer and a blank space or "no key" if there is no BitLocker key.
Add-PSSnapin Quest.ActiveRoles.ADManagement
$MyDomain='domain'
$MyClearTextUsername='user'
$MyClearTextPassword='password'
$MyUsernameDomain=$MyDomain+'\'+$MyClearTextUsername
$SecurePassword=Convertto-SecureString –String $MyClearTextPassword –AsPlainText –force
$Creds=New-object System.Management.Automation.PSCredential $MyUsernameDomain,$SecurePassword
#Prompt for AD user to use
#$Creds=Get-Credential
#Connect to DC
Connect-QADService -service "domain.org:389" -credential $Creds
#Custom variables
$CsvFilePath = "C:\BitLockerComputerReport2.csv"
#Create array
$export = @()
#Export computers not Bitlocker-enabled to a CSV-file
$BitLockerEnabled = Get-QADObject -SizeLimit 0 -IncludedProperties Name,DN,ParentContainer,msFVE-RecoveryPassword | Where-Object {$_.type -eq "msFVE-RecoveryInformation"} | Foreach-Object {
    #Create custom object
    $computerobj = New-Object -TypeName psobject
    #Add name
    $computerobj | Add-Member -MemberType NoteProperty -Name Name -Value (Split-Path -Path $_.ParentContainer -Leaf)
    #$computerobj | Add-Member -MemberType NoteProperty -Name "msFVE-RecoveryPassword" -Value $_."msFVE-RecoveryPassword"
    $computerobj | Add-Member -MemberType NoteProperty -Name DN -Value $_."DN"
    $export += $computerobj
}
#Export the array with computerinformation to the user-specified path
$export |select -Unique Name , @{N="OU";E={$_.DN.Split(',')[2,3]}} | sort Name| Export-Csv -Path $CsvFilePath -NoTypeInformation
I dislike empty arrays and adding to them; it is almost never necessary. I also detest Quest. Is this an old script you had lying around?
You might include a searchbase for your computers' OUs.
$bitlockerinfo = get-adcomputer -filter * |% {
    $blinfo = get-ADObject -ldapfilter "(msFVE-Recoverypassword=*)" -Searchbase $_.distinguishedname -properties msfve-recoverypassword
    [pscustomobject]@{
        computer = $_.name
        key = $blinfo.msfve-recoverypassword
    }
}
$bitlockerinfo
Actually, it is an old script I used at another company. I then just modify what I want. I will test your script and see what I get. I was wanting to pull OU info and OS system too. That is why I made it an empty array, so I could put in what I wanted. But I am always willing to learn new ways to do things.
I got this error. I kind of see what you are doing. I will have to add the DN and other stuff I had collected in the original script, as I needed that.
Not sure where to go on the error, as I am a tad fuzzy on how you are pulling the BitLocker key.
At line:26 char:20
+ key = $blinfo.msfve-recoverypassword
+ ~~~~~~~~~~~~~~~~~
Unexpected token ‘-recoverypassword’ in expression or statement.
+ CategoryInfo : ParserError: ( , ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken
Oh, I always forget the hyphen in the property name. Enclose it in single quotes: $blinfo.'msfve-recoverypassword'
The recovery info is an object under the computer that you can’t see in ADUC so we use the distinguishedname of the computer as the searchbase.
Man, I must be off tonight. I still cannot wrap my head around how you are getting some of the info. I guess I have been using Quest too long. I am trying to grab the operatingsystem and model, but failing. My thinking is that bitlockerinfo has it all because of the filter *. Am I wrong? I pasted the results, as I find it funny it is only giving me the DN when it has a key …
I am sorry for the newbie questions, but I am lost on how this is working.
Import-Module ActiveDirectory
$MyDomain='xxx'
$MyClearTextUsername='xxx'
$MyClearTextPassword='xxx#'
$MyUsernameDomain=$MyDomain+'\'+$MyClearTextUsername
$SecurePassword=Convertto-SecureString –String $MyClearTextPassword –AsPlainText –force
$Creds=New-object System.Management.Automation.PSCredential $MyUsernameDomain,$SecurePassword
#Custom variables
$CsvFilePath = "C:\BitLockerComputerReport2.csv"
$bitlockerinfo = get-adcomputer -credential $Creds -filter * |% {
    $blinfo = get-ADObject -credential $Creds -ldapfilter "(msFVE-Recoverypassword=*)" -Searchbase $_.distinguishedname -properties DistinguishedName,OperatingSystem,msfve-recoverypassword
    [pscustomobject]@{#
        computer = $_.name
        OU = $blinfo.'DistinguishedName'
        OS = $bitlockerinfo.'OperatingSystem'
        key = $blinfo.'msfve-recoverypassword'
        #model = $bitlockerinfo.''
    }
}
$bitlockerinfo |select -Unique Computer , @{N="OU";E={$_.OU.Split(',')[2,3]}},OS,key | sort Computer| Export-Csv -Path $CsvFilePath -NoTypeInformation
Computer     OU                   OS               Key                                                      Model
550ACB-4441                       System.Object[]
550ACB-4442                       System.Object[]
550ACB-4443                       System.Object[]
550ACB-4551                       System.Object[]
550ACB-4904  OU=Computers OU=ACB  System.Object[]  175175-376640-309111-341847-554202-390599-106645-104137
550ACB-4905  OU=Computers OU=ACB  System.Object[]  455048-446644-615450-521631-515713-002431-600864-128667
550ACB-4906  OU=Computers OU=ACB  System.Object[]  181027-201608-168696-592878-665456-054516-361405-257114
Hopefully this makes more sense.
$computers = get-adcomputer -filter * -properties operatingsystem
$bitlockerinfo = foreach($computer in $computers){
    $key = get-ADObject -ldapfilter "(msFVE-Recoverypassword=*)" -Searchbase $computer.distinguishedname -properties msfve-recoverypassword
    [pscustomobject]@{
        computer = $computer.name
        os = $computer.operatingsystem
        key = $key.'msfve-recoverypassword'
    }
}
$bitlockerinfo
Thank you so much for your help. I am almost there. I still am trying to get the model number but the code written this way makes more sense. I did get an error though. I am just so close with your help. Thank you.
Get-ADObject : Cannot validate argument on parameter 'SearchBase'. The argument is null. Provide a valid value for the argument, and then
try running the command again.
At line:18 char:94
+ ... -Recoverypassword=*)" -Searchbase $computer.distinguishedname -proper ...
I thought of adding searchbase as OU = Main, but it still errors. Well, it does not error; it just hangs and does not look like it is doing anything. I think that is one good thing about the Quest tools. I could see the progress bar LOL
Here is the code. I tried grabbing description too.
get-adcomputer -filter * -properties operatingsystem
#Custom variables
$CsvFilePath = "C:\BitLockerComputerReport2.csv"
$bitlockerinfo = foreach($computer in $computers){
    $key = get-ADObject -ldapfilter "(msFVE-Recoverypassword=*)" -Searchbase "OU=xxx,dc=xxx,dc=xxx,dc=xxx" -properties canonicalname,description,msfve-recoverypassword
    [pscustomobject]@{
        computer = $_.name
        os = $computer.operatingsystem
        key = $key
    }
}
$bitlockerinfo |select -Unique Computer , @{N="OU";E={$_.OU.Split(',')[2,3]}},OS,description,key | sort Computer| Export-Csv -Path $CsvFilePath -NoTypeInformation
The searchbase for your computers is the top line.
The searchbase for the bitlockerkey is the dn of the computer.
I am still having some issues, if someone would like to help. I get no results at all.
get-adcomputer -SearchBase "ou=xx,dc=xx,dc=xx,dc=org" -filter * -properties operatingsystem
#Custom variables
$CsvFilePath = "C:\BitLockerComputerReporttest.csv"
$bitlockerinfo = foreach($computer in $computers){
    $key = get-ADObject -ldapfilter "(msFVE-Recoverypassword=*)" -Searchbase "ou=xx,dc=xx,dc=xx,dc=org" -properties canonicalname,description,msfve-recoverypassword
    [pscustomobject]@{
        computer = $_.name
        os = $computer.operatingsystem
        key = $key
        ou= $bitlockerinfo.distiguishedname
        description=$key.description
    }
}
$bitlockerinfo |select -Unique Computer, @{N="OU";E={$_.OU.Split(',')[2,3]}},OS,description,key | sort Computer| Export-Csv -Path $CsvFilePath -NoTypeInformation
Again, the searchbase for the recovery info object is $computer.distinguishedname.
get-ADObject -ldapfilter “(msFVE-Recoverypassword=*)” -Searchbase $computer.distinguishedname
Don’t modify the script I gave you until you understand what’s going on; you can’t just substitute variables and expect them to work. ou= $bitlockerinfo.distiguishedname is not going to give you anything.
#enter one computername with known recovery info.
$computer = 'mypc01'
$i = get-adcomputer $computer -properties operatingsystem
$key = get-ADObject -ldapfilter "(msFVE-Recoverypassword=*)" -Searchbase $i.distinguishedname -properties canonicalname,description,msfve-recoverypassword
$i.name
$i.operatingsystem
$key
$key.'msFVE-Recoverypassword'
The code above works when they have a key. It errors out with a computer with no key. I am sorry about getting confused. It did not pull description at all. I know in AD it has it as description. I really am not this stumped, as I have two scripts working now, but I am using Excel to match the info up. Is there a way to PayPal you something for your troubles?
I am not seeing how to attach pics. Here is what it says:
6/6/2016 - cv27560 - Satellite C55-A
The last was an example of how we return objects and their properties. Now, when a property doesn’t have a value and we use the pscustomobject the value will be blank.
#object
$computer = get-adcomputer mypc -properties operatingsystem,description
$computer
#properties of object
$computer.operatingsystem
$computer.description
#table
[pscustomobject]@{desc=$computer.description;name = $computer.name;os=$computer.operatingsystem}
Oh, I understand now, Dan. Thank you so much. Now I understand more on how to do it. I will go ahead and try to finish writing it to get all computers in a certain OU.
Ha, I wish I had sheer boredom and could write something like that. I think I understand everything now. I will put together BitLocker info and computer info in one script now. Thank you. I wish I could be as good as you one day.
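Putting the pieces of the thread together, as an added example that is not code from any poster here: one row per computer in an OU, with the operating system, description and every recovery password found under that computer, or "No key" when there is none. The OU path and the output location are placeholder assumptions, and the account is prompted for rather than stored in the script.

```powershell
# Added example; not code from any poster in this thread.
Import-Module ActiveDirectory

# Assumptions: placeholder OU and output path; replace with your own.
$SearchBase  = 'OU=Computers,OU=Example,DC=example,DC=org'
# The report contains recovery passwords, so it goes under the user's
# profile rather than the root of C:.
$CsvFilePath = Join-Path $env:USERPROFILE 'BitLockerComputerReport.csv'

# Prompt for the account instead of keeping a clear-text password in the file.
$Creds = Get-Credential

# Searchbase for the computers is the OU; computer properties are requested here.
$computers = Get-ADComputer -Credential $Creds -SearchBase $SearchBase -Filter * `
    -Properties OperatingSystem, Description

$report = foreach ($computer in $computers) {
    # Recovery information objects are children of the computer object, so the
    # computer's DN is the searchbase. @() makes "no key" an empty array
    # instead of an empty result that later property access trips over.
    $recovery = @(
        Get-ADObject -Credential $Creds -SearchBase $computer.DistinguishedName `
            -LDAPFilter '(objectClass=msFVE-RecoveryInformation)' `
            -Properties 'msFVE-RecoveryPassword', whenCreated |
            Sort-Object whenCreated -Descending
    )

    [pscustomobject]@{
        Computer    = $computer.Name
        # Parent container: everything after the first RDN of the computer's DN.
        OU          = ($computer.DistinguishedName -split ',', 2)[1]
        OS          = $computer.OperatingSystem
        Description = $computer.Description
        KeyCount    = $recovery.Count
        # A computer can hold several recovery objects; joining them keeps the
        # CSV cell as text instead of "System.Object[]". Newest key comes first.
        Key         = if ($recovery.Count) {
                          $recovery.'msFVE-RecoveryPassword' -join '; '
                      } else {
                          'No key'
                      }
    }
}

$report | Sort-Object Computer | Export-Csv -Path $CsvFilePath -NoTypeInformation
```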