Anzahl der Bitlocker Keys aus der AD auslesen

Du möchtest die Anzahl der einzelnen Bitlocker Keys eines Clients aus der Ad auslesen. Dafür brauchst du einfach dieses Skript. Es geht einmal über die AD und gibt dir zum Schluss die Anzahl aus.

write-host "get-bitlockercomputer: Start"
$Bitlockerclients = @{}



$RootNC = ([ADSI]"LDAP://RootDSE").rootDomainNamingContext
$objSearcher = [adsisearcher]([ADSI]"GC://$RootNC")
$objSearcher.PageSize = 1000   
$objSearcher.filter = "(objectclass=msFVE-RecoveryInformation)"
$objSearcher.SearchScope = "subtree"
$objSearcher.PropertiesToLoad.Clear() | Out-Null   

write-host "get-bitlockercomputer: Search for Recovery Information"
[long]$volumes=0
$objSearcher.findall() | % {
	$volumes++
  	$computer = [ADSI](([adsi]($_.path)).parent) 
	$computerdn = $computer.distinguishedname[0]
	Write-Progress -Activity "Adding Computer $computerdn" -status $volumes
	
	If ($Bitlockerclients.item($computerdn)) {
		$Bitlockerclients.item($computerdn)++
	}
	Else {
		$Bitlockerclients.item($computerdn)=[int]1
	}
}
[long]$totalcomputer = $Bitlockerclients.count
# Find all Computers
write-host " Search for all Computers to generate list"
$objSearcher.filter = "(objectclass=Computer)"
$objSearcher.PropertiesToLoad.Add(“Name”) | Out-Null
$objSearcher.PropertiesToLoad.Add(“distinguishedname”) | Out-Null
$objSearcher.PropertiesToLoad.Add(“dNSHostName”) | Out-Null

[long]$matchcount = 0 
$objSearcher.findall() | % {
	Write-Progress -Activity ("Matching Computer " +$_.properties.name) -status $matchcount -percentcomplete ($matchcount/$totalcomputer*100)
	$result = "" | select computername,dNSHostName,distinguishedname,bitlockervolumes
	if ($_.properties.name) {$result.computername = $_.properties.name[0]}
	if ($_.properties.dnshostname) { $result.dNSHostName = $_.properties.dnshostname[0]}
	$result.distinguishedname = $_.properties.distinguishedname[0]
  	If ($Bitlockerclients.item($_.properties.distinguishedname[0])) {
		$result.bitlockervolumes = $Bitlockerclients.item($_.properties.distinguishedname[0])
		$matchcount++
	}
	else {
		$result.bitlockervolumes = $null
	}
	$result    
}
write-host "get-bitlockercomputer: End"

Quelle:

Get-BitlockerReport (msxfaq.de)