Bitlocker Recovery Password

Question

Hello

I've followed this post Handling child objects which has worked to display the Bitlocker child object, what it shows though is the Password ID - is there any way to configure it to show the actual Bitlocker Recovery Password?

Thanks

Comments

Hi,

We have set up the following script as a custom command, and run it against Computer Objects in Adaxes:

import-module adaxes

#Searches AD for the specified computer
$computer = get-admcomputer %cn%

#Saves computer distinguishedname for future use
$comp_dn = $computer.distinguishedname

#Fetches bitlocker ad object located below the computer object
try
{
    $recovery_info = get-admobject -filter 'Objectclass -eq "msFVE-RecoveryInformation"' -searchbase $comp_dn -properties msfve-recoverypassword
}
catch
{
    $Context.Cancel("Unable to retrieve recovery key for %cn%!")
}

#If recovery key is present, print out to web interface, if not print error message
if ($recovery_info."msFVE-RecoveryPassword")
{
    $context.LogMessage("Computer name: %cn%", "Warning")
    $context.LogMessage("Bitlocker Recovery Key: $($recovery_info."msFVE-RecoveryPassword")", "Warning")
}
elseif (!($recovery_key))
{
    $Context.Cancel("Unable to retrieve recovery key for %cn%!")
}

Output looks something like this:

Answer 1

Hello,

On step 3 of the post you referred to, you can find a link to the following tutorial that describes how to customize the Web Interface to display objects of a custom type: http://www.adaxes.com/tutorials_WebInte ... omType.htm. When customizing the Web Interface to display msFVE-RecoveryInformation objects, you need to add the msFVE-RecoveryPassword property to the page for viewing the objects. This property will contain the recovery password. For information on how to add the property, see step 4 of the tutorial.

Or, as odsven suggested, you can use a Custom Command running a PowerShell script on Computer objects for this purpose.

Comments

Thanks, got it added by adding msFVE-RecoveryPassword.

---

I have had this set up and working for some time now but in the last few months we have discovered that it no longer displays the information any longer. I have followed the steps to re-add the recovery key info but no recovery information show up at all. any Ideas, if the script works where in the ADSI edit information is it pulling from to display.

---

The script doesn't work for me. I get the "Unable to retrieve recovery key for xxxxxx" after running it. I tested it separately in Powershell editor and got the same result. Can someone assist me?

---

Hello,

The script doesn't work for me too !
If I launch it with Powershell ISE, It works fine.
With Adaxes, msFVE-RecoveryInformation is retrieve but the attribute msFVE-RecoveryPassword not. I tried everything, { in place of ' or " but no way ... I will become crazy !
Help please ...

Thks,

Alain

---

Hello Alain,

Have a look at the following script from our repository: http://www.adaxes.com/script-repository ... d-s253.htm.

---

OK, this one works fine but I would like to understand why a script can work into a Powershell Windows and not under Adaxes ? Do you have an explanation ?

Thanks a lot

---

Hello Alain,

Are you sure that you tested the script cited above, not some sort of other script you found in the Internet? The above script uses the $Context.LogMessage and $Context.Cancel methods which are available only in scripts run within Adaxes. Calling them in the PowerShell Console / IDE would cause an error.

In general, there can be scripts that run fine in PowerShell IDE, but fail when run in Adaxes. For example, the scripts can show some user interface or ask for confirmation. Since you cannot show user interface from scripts run within Adaxes at the moment, an attempt to use any cmdlets / functions / methods that show user interface will result in an error.

---

All my best wishes for this new year.

Yes, of course, I modified the script, I removed the Context lines. It doesn't matter, it works with the other script.

Thks a lot.

Alain