Hi All,

Our computers are BitLocker enabled and the information is stored in AD computer objects. BitLocker viewer is enabled.

I would like to retrieve a report from a certain OU which shows which computer is BitLocker enabled. I don’t really need to retrieve the password information.

This report is for security audit purposes. It should show if all computers in the computers OU are encrypted.

I think the best way is to extract the information using Windows PowerShell.

Does anybody have such a script handy?

Thanks,

Edy

4 Spice ups

I believe Martin9700 posted a nice script for exactly this a little while ago: Bitlocker status on all computers.

1 Spice up

LOL, yep, I was just about to post it again. Good memory!

Hi Martin,

Thanks - I’m trying this script. I guess that I need to amend this only

OU=YourOUforWorkstations,DC=Your,DC=Domain"

Could you please make an example for me?

OU=Europe/Computer,DC=domain,DC=com"

Thanks,

Edy

Could you clarify your question? You’ve already provided two examples of an FQDN in your question! Are you asking me what the FQDN for YOUR workstations is? Or how to get it?

You could try this to find the FQDN:

Get-ADOrganizationalUnit -Filter {name -like "*workstations*"} | Select distinguishedname

or

https://community.spiceworks.com/scripts/show/1635-copy-a-ou-s-fqdn-to-clipboard

Sorry, could you please make me an example of an FQDN?

Our computer OU is grouped by regions. I’m getting an ADC Computer - directory not found error.

Thanks,

Edy

You supplied two examples of an FQDN. I am unfamiliar with your environment so cannot give you YOUR FQDN. Are you the only IT person? Is there an administrator you could talk to to give you the information?

Hi Martin,

I figured it out. It works great now. I already have the report.

Thank you very much for supplying this script to the community!

Edy

1 Spice up

Just remember that just because there is a recovery object present for the computer in AD, this doesn’t mean that the machine is encrypted. An admin could easily disable or pause Bitlocker after the recovery object was saved to the computer account.
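
The caveat in the last reply can be built into the report itself. The following is an added example, not Martin9700's script or any code from this thread: it records whether a recovery object exists under each computer account in the OU and, separately, what the machine reports about its system drive. It assumes the ActiveDirectory RSAT module and PowerShell remoting to the workstations; the OU string is the placeholder quoted above and the output file name is arbitrary.

```powershell
# Added example. Assumptions: ActiveDirectory (RSAT) module installed,
# PowerShell remoting (WinRM) enabled on the workstations.
Import-Module ActiveDirectory

# Placeholder from the thread; replace with your OU's distinguished name.
# A nested OU takes one OU= component per level, innermost first,
# e.g. OU=Computer,OU=Europe,DC=domain,DC=com
$SearchBase = 'OU=YourOUforWorkstations,DC=Your,DC=Domain'

$report = foreach ($computer in Get-ADComputer -SearchBase $SearchBase -Filter *) {
    # Recovery information is stored as child objects of the computer account.
    # Only their presence is tested; the recovery password is never requested.
    $recovery = Get-ADObject -SearchBase $computer.DistinguishedName `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'"

    # Ask the machine for the current state of its system drive.
    $live = $null
    $liveError = $null
    try {
        $live = Invoke-Command -ComputerName $computer.DNSHostName -ErrorAction Stop -ScriptBlock {
            $v = Get-BitLockerVolume -MountPoint $env:SystemDrive
            # Convert enums to strings before they cross the remoting boundary.
            [pscustomobject]@{
                VolumeStatus     = "$($v.VolumeStatus)"
                ProtectionStatus = "$($v.ProtectionStatus)"
            }
        }
    } catch {
        $liveError = $_.Exception.Message   # offline, remoting blocked, etc.
    }

    [pscustomobject]@{
        Computer         = $computer.Name
        RecoveryKeyInAD  = [bool]$recovery
        VolumeStatus     = if ($live) { $live.VolumeStatus } else { 'Unknown' }
        ProtectionStatus = if ($live) { $live.ProtectionStatus } else { 'Unknown' }
        Note             = $liveError
    }
}

$report | Sort-Object Computer | Export-Csv -Path .\BitLockerAudit.csv -NoTypeInformation

# Rows to follow up on: a key is escrowed in AD, but protection is not confirmed On.
$report | Where-Object { $_.RecoveryKeyInAD -and $_.ProtectionStatus -ne 'On' }
```

For the audit, a machine counts as encrypted only when VolumeStatus is FullyEncrypted and ProtectionStatus is On; rows marked Unknown could not be reached and need a recheck.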