我试图从指定的OU连续导出所有PC的所有位锁密钥。
我们已经创建了下面提供的Powershell脚本来运行此操作,除了只有1个Recovery ID被管道传输而我们确实为它提供了多个RecoveryPasswords之外,其他一切工作都很好。我将如何获取每个设备的所有可用恢复ID?
Import-Module ActiveDirectory
function Convert-ByteArrayToHexString
{
[CmdletBinding()] Param (
[Parameter(Mandatory = $True, ValueFromPipeline = $True)] [System.Byte[]] $ByteArray,
[Parameter()] [Int] $Width = 1,
[Parameter()] [String] $Delimiter = "",
[Parameter()] [String] $Prepend = "",
[Parameter()] [Switch] $AddQuotes )
if ($Width -lt 1) { $Width = 1 }
if ($ByteArray.Length -eq 0) { Return }
$FirstDelimiter = $Delimiter -Replace "^[\,\:\t]",""
$From = 0
$To = 3
$String = [System.BitConverter]::ToString($ByteArray[$To..$From])
$String -replace "-",""
}
Get-ADComputer -Filter 'ObjectClass -eq "computer"' -SearchBase "OU=blank-w10,DC=xx,DC=xxxx,DC=x" | foreach-object {
$Computer = $_.name
#Check if the Computer Object exists
$Computer_Object = Get-ADComputer -Filter {cn -eq $Computer} -Property msTPM-OwnerInformation, msTPM-TpmInformationForComputer
if($Computer_Object -eq $null){
Write-Host "Error..."
}
#Check if the computer object has had a BitLocker Recovery Password
$Bitlocker_Object = Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase $Computer_Object.DistinguishedName -Properties 'msFVE-RecoveryPassword','msFVE-RecoveryGuid'
if($Bitlocker_Object.'msFVE-RecoveryPassword'){
$BitLocker_Key = $BitLocker_Object.'msFVE-RecoveryPassword'
$Bitlocker_ID = ""
$Bitlocker_ID = $Bitlocker_Object.'msFVE-RecoveryGuid'
$Bitlocker_ID2 = ""
$Bitlocker_ID2 = Convert-ByteArrayToHexString $Bitlocker_ID
}else{
$Bitlocker_ID2 = "none"
$BitLocker_Key = "none"
}
#Display Output
Write-Host
@{"Hostname" = $computer},
@{"PasswordID" = $Bitlocker_ID2},
@{"RecoveryPassword" = $BitLocker_Key}
}