Bitlocker Status, Computer from AD

PowerShell Help
1

Hi

I am looking for script there I can see Bitlocker Status on all computers from AD,

Please help

 

Sokoban :wink:

2

Have you tried to search for it?

Google: Bitlocker Status, Computer from AD

or Microsoft Technet Script Gallery: Retrieve BitLocker recovery information from AD DS.

3

[pre]
Get-ADObject -Filter “ObjectClass -eq ‘msFVE-RecoveryInformation’” -SearchBase “distinguishedComputerName” -Properties msFVE-RecoveryPassword
[/pre]

pwshliquori

4

[quote quote=149526][/quote]

et-ADObject : The supplied distinguishedName must belong to one of the following partition(s): 'XXXXXXXXXXXXXXXX
At line:1 char:1

  • Get-ADObject -Filter “ObjectClass -eq ‘msFVE-RecoveryInformation’” -S …
  • CategoryInfo : InvalidArgument: (:slight_smile: [Get-ADObject], ArgumentException
  • FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADObject

Can you explain Why it’s not working ?

Sokoban

 

5

That usually means that you supplied the wrong distinguished name. To get the distinguished name of the computer, use the Get-ADComputer -Identity computer1 |Select-Object DistinguishedName

pwshliquori

6

ok,

I have All Computers in OU,

Get-ADComputer -Filter * -SearchBase “OU=Clients,OU=TEST,DC=ad,DC=Test,DC=se” -Properties * |
Select -Property Name,OperatingSystem,

How will I do to get Bitlocker information here :wink:

Sokoban

7

Take out the Select-Object portion of your script, you will not be able to use Get-ADObject if you are selecting properties from Get-ADComputer.

Get-ADComputer -Filter * -SearchBase “OU=Clients,OU=Test,DC=ad,DC=test,DC=se” -Properties * |Get-ADObject

If you would like to see how this works, please see Microsoft’s docs on the Get-ADObject Cmdlet under the -Identity parameter.

https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adobject?view=win10-ps#required-parameters

pwshliquori

8

Also take out the -Properties * only select the properties you wish to work with. -Properties * is fine(ish) in a test lab but if you hit the whole domain with -Properties * your net admin would have a fit :slight_smile:

9

This is a very common thing to do, and there are plenty of pre-built scripts publicly a to leverage or tweak as needed.
So, little reason to do this from scratch, unless it’s a learning exercise. Even then, learn from others efforts when and where you can.

Query BitLocker status on remote computers This PowerShell script will remotely query each computer found in the specified OU (using manage-bde.exe) to determine if BitLocker protection is on or off a https://gallery.technet.microsoft.com/scriptcenter/Query-BitLocker-status-on-f44e443c

How to get BitLocker Encryption Status for multiple computers (PowerShell)
This PowerShell script sample shows how to get BitLocker Encryption Status for multiple computers.

10

I have trying run this one , https://gallery.technet.microsoft.com/scriptcenter/How-to-get-BitLocker-193ef058

Step 1: Right click PowerShell and select Run as Administrator.

Step 2: Then import the PowerShell script module using Import-Module.

Step 3: Run This

Get-OSCBitlockerStatus -ComputerName "HUELVA" -Credential $cre
Get error , Get-OSCBitlockerStatus : The term 'Get-OSCBitlockerStatus' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the p ath is correct and try again. At line:1 char:1 + Get-OSCBitlockerStatus -ComputerName "HUELVA" -Credential $cre + ~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Get-OSCBitlockerStatus:String) [], CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException

Why error, please help :slight_smile:

Sokoban