If you have configured BitLocker Drive Encryption to back up recovery information for BitLocker-protected drives and the Trusted Platform Module (TPM) to Active Directory Domain Services (AD DS), the backed-up BitLocker recovery information is stored in a child object of the computer object. That is, the computer object is the container for its BitLocker recovery objects. Each BitLocker recovery object includes the recovery password and other recovery information.
Here is an example in VB.NET that lists all computer objects in AD together with each one's recovery password.
The first step is to reference the System.DirectoryServices namespace:
```vbnet
Imports System.DirectoryServices
```
Then declare the BitlockerInfo structure. It holds the BitLocker data that the ReturnRecoveryKey function passes back to the main routine.
```vbnet
Structure BitlockerInfo
    Dim RecoveryPassword As String
    Dim DistinguishedName As String
    Dim WhenCreated As Date
    Dim WhenChanged As Date
End Structure
```
Now that the structure is defined, create the main routine. This code enumerates all computer objects in the default domain. For each computer object it finds, it calls the ReturnRecoveryKey function, which searches the object's children for msFVE-RecoveryInformation objects and returns whatever recovery information it finds as a BitlockerInfo structure.
```vbnet
Sub Main()
    Dim strName As String = ""
    Try
        ' Bind to the root of the default domain and find every computer object.
        Dim objSearch As New DirectorySearcher()
        objSearch.SearchRoot = New DirectoryEntry()
        objSearch.PageSize = 1000 ' paged results; without this a large domain is truncated at the server limit
        objSearch.Filter = "(&(objectClass=computer))"
        objSearch.SearchScope = SearchScope.Subtree
        Dim colQueryResults As SearchResultCollection
        colQueryResults = objSearch.FindAll()
        Dim objResult As SearchResult
        For Each objResult In colQueryResults
            strName = ""
            Dim strBitlockerInfo As New BitlockerInfo
            If objResult.Properties.Contains("name") Then
                strName = CStr(objResult.Properties("name")(0))
            End If
            ' Look below this computer object for BitLocker recovery information.
            strBitlockerInfo = ReturnRecoveryKey("LDAP://" & CStr(objResult.Properties("distinguishedname")(0)))
            Console.WriteLine(strName & vbTab & strBitlockerInfo.RecoveryPassword)
        Next
        colQueryResults.Dispose()
    Catch ex As Exception
        Console.Error.WriteLine("Directory query failed: " & ex.Message)
    End Try
End Sub
```
Lastly, create the ReturnRecoveryKey function. It takes a computer object's LDAP path as its input parameter and returns the BitLocker information for that computer object.
```vbnet
Private Function ReturnRecoveryKey(ByVal strComputerObjectLDAP As String) As BitlockerInfo
    Dim strBitLockerInfo As New BitlockerInfo
    Try
        ' Search below the computer object for its msFVE-RecoveryInformation children.
        Dim objSearch As New DirectorySearcher()
        objSearch.SearchRoot = New DirectoryEntry(strComputerObjectLDAP)
        objSearch.PageSize = 1000
        objSearch.Filter = "(&(objectClass=msFVE-RecoveryInformation))"
        objSearch.SearchScope = SearchScope.Subtree
        Dim colQueryResults As SearchResultCollection
        colQueryResults = objSearch.FindAll()
        Dim objResult As SearchResult
        ' A computer can hold several recovery objects (one per protected volume or
        ' per key rotation); this loop keeps the values of the last one returned.
        For Each objResult In colQueryResults
            If objResult.Properties.Contains("msFVE-RecoveryPassword") Then
                strBitLockerInfo.RecoveryPassword = CStr(objResult.Properties("msFVE-RecoveryPassword")(0))
            End If
            If objResult.Properties.Contains("whencreated") Then
                strBitLockerInfo.WhenCreated = CDate(objResult.Properties("whencreated")(0))
            End If
            If objResult.Properties.Contains("whenchanged") Then
                strBitLockerInfo.WhenChanged = CDate(objResult.Properties("whenchanged")(0))
            End If
            If objResult.Properties.Contains("distinguishedname") Then
                strBitLockerInfo.DistinguishedName = CStr(objResult.Properties("distinguishedname")(0))
            End If
        Next
        colQueryResults.Dispose()
    Catch ex As Exception
        Console.Error.WriteLine("Could not read recovery information for " & strComputerObjectLDAP & ": " & ex.Message)
    End Try
    Return strBitLockerInfo
End Function
```
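As an added example that is not part of the original post, here is a coverage audit built on the same System.DirectoryServices calls. Instead of printing passwords, it counts the msFVE-RecoveryInformation children under each computer object and lists the computers that have none, which is the check an administrator wants when verifying that the AD DS backup policy is actually taking effect. The module, structure and function names (BitLockerCoverageAudit, CoverageInfo, GetCoverage, FindComputersWithoutBackup) are this example's own, and it assumes the caller has read access to the computer objects in the default domain.

```vbnet
' Added example (not from the original post): report which computer objects have
' BitLocker recovery information backed up to AD DS, without reading the
' recovery passwords themselves.
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices

Module BitLockerCoverageAudit

    ' Per-computer summary used by the report; the names are this example's own.
    Structure CoverageInfo
        Dim ComputerName As String
        Dim RecoveryObjectCount As Integer
        Dim NewestRecoveryObject As Date
    End Structure

    ' Counts the msFVE-RecoveryInformation objects directly under one computer
    ' object. Only whenCreated is requested, so the password attribute is never
    ' transferred from the domain controller.
    Function GetCoverage(ByVal computerPath As String, ByVal computerName As String) As CoverageInfo
        Dim info As CoverageInfo
        info.ComputerName = computerName
        info.RecoveryObjectCount = 0
        info.NewestRecoveryObject = Date.MinValue

        Using root As New DirectoryEntry(computerPath)
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = "(objectClass=msFVE-RecoveryInformation)"
                ' Recovery objects are direct children of the computer object.
                searcher.SearchScope = SearchScope.OneLevel
                searcher.PropertiesToLoad.Add("whenCreated")
                Using results As SearchResultCollection = searcher.FindAll()
                    For Each result As SearchResult In results
                        info.RecoveryObjectCount += 1
                        If result.Properties.Contains("whenCreated") Then
                            Dim created As Date = CDate(result.Properties("whenCreated")(0))
                            If created > info.NewestRecoveryObject Then
                                info.NewestRecoveryObject = created
                            End If
                        End If
                    Next
                End Using
            End Using
        End Using
        Return info
    End Function

    ' Enumerates every computer object in the default domain and returns the
    ' ones that have no recovery information stored in AD DS.
    Function FindComputersWithoutBackup() As List(Of CoverageInfo)
        Dim missing As New List(Of CoverageInfo)()
        Using domainRoot As New DirectoryEntry()
            Using searcher As New DirectorySearcher(domainRoot)
                searcher.Filter = "(objectClass=computer)"
                searcher.SearchScope = SearchScope.Subtree
                searcher.PageSize = 1000
                searcher.PropertiesToLoad.Add("name")
                Using results As SearchResultCollection = searcher.FindAll()
                    For Each result As SearchResult In results
                        Dim name As String = CStr(result.Properties("name")(0))
                        ' result.Path is already the LDAP:// path of the computer object.
                        Dim info As CoverageInfo = GetCoverage(result.Path, name)
                        If info.RecoveryObjectCount = 0 Then
                            missing.Add(info)
                        End If
                    Next
                End Using
            End Using
        End Using
        Return missing
    End Function

    Sub Main()
        Dim missing As List(Of CoverageInfo) = FindComputersWithoutBackup()
        Console.WriteLine("Computers without BitLocker recovery information in AD DS: " & missing.Count)
        For Each info As CoverageInfo In missing
            Console.WriteLine(info.ComputerName)
        Next
    End Sub

End Module
```

Because the searcher only asks for whenCreated, the audit never handles recovery passwords and does not need the right to read that confidential attribute; it only needs to list the computer objects and their children. A computer that shows up with zero recovery objects may simply not be encrypted, so compare the list against the set of machines that the BitLocker policy is supposed to cover before treating it as a backup failure.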