Anzahl der Bitlocker Keys aus der AD auslesen
Du möchtest die Anzahl der einzelnen Bitlocker Keys eines Clients aus der Ad auslesen. Dafür brauchst du einfach dieses Skript. Es geht einmal über die AD und gibt dir zum Schluss die Anzahl aus.
write-host "get-bitlockercomputer: Start"
$Bitlockerclients = @{}
$RootNC = ([ADSI]"LDAP://RootDSE").rootDomainNamingContext
$objSearcher = [adsisearcher]([ADSI]"GC://$RootNC")
$objSearcher.PageSize = 1000
$objSearcher.filter = "(objectclass=msFVE-RecoveryInformation)"
$objSearcher.SearchScope = "subtree"
$objSearcher.PropertiesToLoad.Clear() | Out-Null
write-host "get-bitlockercomputer: Search for Recovery Information"
[long]$volumes=0
$objSearcher.findall() | % {
$volumes++
$computer = [ADSI](([adsi]($_.path)).parent)
$computerdn = $computer.distinguishedname[0]
Write-Progress -Activity "Adding Computer $computerdn" -status $volumes
If ($Bitlockerclients.item($computerdn)) {
$Bitlockerclients.item($computerdn)++
}
Else {
$Bitlockerclients.item($computerdn)=[int]1
}
}
[long]$totalcomputer = $Bitlockerclients.count
# Find all Computers
write-host " Search for all Computers to generate list"
$objSearcher.filter = "(objectclass=Computer)"
$objSearcher.PropertiesToLoad.Add(“Name”) | Out-Null
$objSearcher.PropertiesToLoad.Add(“distinguishedname”) | Out-Null
$objSearcher.PropertiesToLoad.Add(“dNSHostName”) | Out-Null
[long]$matchcount = 0
$objSearcher.findall() | % {
Write-Progress -Activity ("Matching Computer " +$_.properties.name) -status $matchcount -percentcomplete ($matchcount/$totalcomputer*100)
$result = "" | select computername,dNSHostName,distinguishedname,bitlockervolumes
if ($_.properties.name) {$result.computername = $_.properties.name[0]}
if ($_.properties.dnshostname) { $result.dNSHostName = $_.properties.dnshostname[0]}
$result.distinguishedname = $_.properties.distinguishedname[0]
If ($Bitlockerclients.item($_.properties.distinguishedname[0])) {
$result.bitlockervolumes = $Bitlockerclients.item($_.properties.distinguishedname[0])
$matchcount++
}
else {
$result.bitlockervolumes = $null
}
$result
}
write-host "get-bitlockercomputer: End"
Quelle:
Get-BitlockerReport (msxfaq.de)