I’m trying to build a script that can back up BitLocker recovery keys from all BitLocker-protected volumes that the computer might have. I have been scratching my head over this.
This one works for the OS drive on my test machine but fails to back up the recovery password for my data drive D to AD.
Get-BitLockerVolume | ForEach-Object {Backup-BitLockerKeyProtector -MountPoint $_.MountPoint -KeyProtectorId $_.KeyProtector[1].KeyProtectorId}
I noticed that the problem is this part: $_.KeyProtector[1]
When I run Get-BitLockerVolume I can see that the KeyProtector property looks like the output below. So the RecoveryPassword is stored at array index [0] for drive D and at [1] for drive C.
VolumeType      Mount CapacityGB VolumeStatus   Encryption KeyProtector            AutoUnlock Protection
                Point                           Percentage                         Enabled    Status
OperatingSystem C:        126,40 FullyEncrypted 100        {Tpm, RecoveryPassword}            On
Data            D:        126,87 FullyEncrypted 100        {RecoveryPassword, Ext… True       On
The question is: how the heck can I modify my code to get all RecoveryPasswords from all possible BitLocker-protected drives that the computer might have?
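
One way to avoid the index problem described above, as an added example that is not part of the original post: select key protectors by their KeyProtectorType instead of by array position, and back up every RecoveryPassword protector on every volume. The result object and its Status values are names made up for this example; it assumes an elevated session on a domain-joined machine.

```powershell
# Added example (not from the original post).
# Selects protectors by type, so the position inside KeyProtector no longer matters.
$results = foreach ($volume in Get-BitLockerVolume) {

    # A volume can carry zero, one or several recovery passwords.
    $recoveryProtectors = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recoveryProtectors.Count -eq 0) {
        # Report the gap instead of failing: this volume has nothing to escrow.
        [pscustomobject]@{
            MountPoint     = $volume.MountPoint
            KeyProtectorId = $null
            Status         = 'NoRecoveryPassword'   # hypothetical status label
            Error          = $null
        }
        continue
    }

    foreach ($protector in $recoveryProtectors) {
        $status = 'BackedUp'                        # hypothetical status label
        $errorText = $null
        try {
            Backup-BitLockerKeyProtector -MountPoint $volume.MountPoint `
                -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
        }
        catch {
            $status = 'Failed'                      # hypothetical status label
            $errorText = $_.Exception.Message
        }

        # Only the protector ID is reported; the recovery password itself
        # is never written to the console or to a log.
        [pscustomobject]@{
            MountPoint     = $volume.MountPoint
            KeyProtectorId = $protector.KeyProtectorId
            Status         = $status
            Error          = $errorText
        }
    }
}

$results | Format-Table -AutoSize
```

Collecting one row per protector makes it easy to spot volumes where the escrow to AD failed or where no recovery password exists at all.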