Automate storing of BitLocker Recovery Keys in AD using PowerShell

Please refer to this video for now: https://youtu.be/g2Z0F6KmZRA

This page will be updated soon… You can copy the PowerShell code from below.

This demonstration uses a Windows Server 2022 domain controller with Windows 10 and Windows 11 Professional clients, but the principles are the same for Windows Server 2012 through 2022 (Windows Server 2022 / 2019 / 2016 / 2012); there are no GUI differences among most of the previous Windows Server versions. The enforced GPO settings work on Windows 11, Windows 10 and earlier client operating systems joined to the Active Directory domain.

PowerShell Cmdlets

# These immediate two lines are only for testing #
Add-Type -AssemblyName System.Windows.Forms   # LoadWithPartialName is obsolete; Add-Type loads the same assembly
[System.Windows.Forms.MessageBox]::Show("Logon script is running... `n Sending BitLocker Unlock Keys to AD","WARNING - NetITGeeks")

try {
    # Date and time of the run
    Get-Date -Format " dddd MM/dd/yyyy HH:mm:ss K" | Add-Content H:\startup_script_runs.txt
    # Sending BitLocker recovery password protector(s) to AD
    $BLV = Get-BitLockerVolume -MountPoint "C:"
    # Select the protector by type instead of by position: KeyProtector[1] is not
    # guaranteed to be the recovery password (protector order varies per machine)
    $RecoveryProtectors = $BLV.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    foreach ($Protector in $RecoveryProtectors) {
        Backup-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $Protector.KeyProtectorId
    }
}
catch {
    $exception = $_.Exception.Message
    Out-File -FilePath 'H:\startup_script_errors.txt' -Append -InputObject $exception
}

# This line is only for testing #
[System.Windows.Forms.MessageBox]::Show("Logon script completed!","WARNING - NetITGeeks")
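Added example (not code from the original post): a fuller version of the backup step that covers every protected volume and every recovery password protector, then verifies through the RSAT ActiveDirectory module that a matching msFVE-RecoveryInformation object exists under the computer object, so a missed backup is visible instead of silent. It assumes it runs on the domain-joined client with rights to read its own computer object; the $ComputerName parameter and the output format are my own.

```powershell
# Added example, not from the original page. Backs up all BitLocker recovery
# password protectors to AD and verifies they arrived.
param(
    [string]$ComputerName = $env:COMPUTERNAME   # assumption: run on the client itself
)

# 1. Back up every RecoveryPassword protector on every volume with protection on
$Backed = foreach ($Vol in Get-BitLockerVolume) {
    if ($Vol.ProtectionStatus -ne 'On') { continue }
    foreach ($KP in $Vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword') {
        Backup-BitLockerKeyProtector -MountPoint $Vol.MountPoint -KeyProtectorId $KP.KeyProtectorId | Out-Null
        [pscustomobject]@{ MountPoint = $Vol.MountPoint; KeyProtectorId = $KP.KeyProtectorId }
    }
}

# 2. Verify: AD stores each key as a msFVE-RecoveryInformation child of the computer
#    object; msFVE-RecoveryGuid holds the protector GUID (as a 16-byte octet string)
Import-Module ActiveDirectory
$Computer = Get-ADComputer -Identity $ComputerName
$InAD = Get-ADObject -SearchBase $Computer.DistinguishedName -SearchScope OneLevel `
    -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -Properties msFVE-RecoveryGuid

# Convert the octet strings to GUID text so they compare with KeyProtectorId
$AdGuids = foreach ($obj in $InAD) { ([guid]$obj.'msFVE-RecoveryGuid').ToString() }

foreach ($b in $Backed) {
    $id = $b.KeyProtectorId.Trim('{}')            # KeyProtectorId is "{GUID}"
    $status = if ($AdGuids -contains $id) { 'present in AD' } else { 'MISSING from AD' }
    "{0} {1}: {2}" -f $b.MountPoint, $b.KeyProtectorId, $status
}
```

A "MISSING from AD" line after a successful Backup call usually means the "Store BitLocker recovery information in Active Directory Domain Services" GPO is not applied to that client, or the client could not reach a writable domain controller at the time.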