Automate backup of BitLocker recovery key

satya mahapatra 11 Reputation points
2022-06-14T21:46:42.333+00:00

I have BitLocker running and its recovery keys are getting backed up. A few are missing.
I want some script/batch file so the recovery key can be backed up to AD.
Example:
manage-bde -protectors -get c:
manage-bde -protectors -adbackup c: -id {DFB478E6-8B3F-4DCA-9576-C1905B49C71E}
Here the ID will be dynamic from PC to PC.
Is there any batch file or script that can do this?

Windows Server PowerShell

2 answers

  1. MTG 1,226 Reputation points
    2022-06-15T14:36:11.903+00:00
    for /f "tokens=1,2" %%a in ('manage-bde -protectors -get C: -Type recoverypassword ^| findstr ID') do manage-bde -protectors -adbackup c: -id %%b  
    

  2. Limitless Technology 39,771 Reputation points
    2022-06-15T15:22:56.33+00:00

    Hello

    Thank you for your question and for reaching out. I understand you have a query related to saving the BitLocker recovery key to AD.

    Method 1:
    You can also only set the configuration in the GPO:

    Computer configuration\Windows Components\Bitlocker drive Encryption\OS Drive\Save Bitlocker Key in AD DS

    Method 2:

    PowerShell script (Copy and save as .ps1) so that it can be used in group policy or SCCM


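    try {
        # Read the BitLocker state of the system drive
        $BLV = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $KeyProtectorID = ""
        # Find the first recovery-password protector
        foreach ($keyProtector in $BLV.KeyProtector) {
            if ($keyProtector.KeyProtectorType -eq "RecoveryPassword") {
                $KeyProtectorID = $keyProtector.KeyProtectorId
                break
            }
        }
        # Back it up to AD DS; -ErrorAction Stop makes a failure reach the catch block
        $result = Backup-BitLockerKeyProtector -MountPoint "$($env:SystemDrive)" -KeyProtectorId $KeyProtectorID -ErrorAction Stop
        return $true
    }
    catch {
        return $false
    }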


    --------------------------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--
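
The two answers above each handle only the system drive. The following added example (not code from either poster) generalises the same `Get-BitLockerVolume` / `Backup-BitLockerKeyProtector` approach to every recovery-password protector on every BitLocker volume, and returns a non-zero exit code so Group Policy or SCCM can flag machines whose keys were not escrowed. It assumes a domain-joined machine, an elevated session, and a policy that permits storing recovery information in AD DS.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker
# Added example: escrow every recovery-password protector on every
# BitLocker volume to AD DS and report the outcome per protector.
# Only protector IDs are written to output; the recovery password itself
# is never printed or logged.

$volumes = Get-BitLockerVolume -ErrorAction Stop |
    Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }

$results = @(foreach ($volume in $volumes) {
    $protectors = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    # An encrypted volume with no recovery password has nothing to escrow;
    # report it so it can be remediated rather than silently skipped.
    if ($protectors.Count -eq 0) {
        [pscustomobject]@{
            MountPoint     = $volume.MountPoint
            KeyProtectorId = $null
            Status         = 'NoRecoveryPassword'
            Detail         = 'Volume has no RecoveryPassword protector'
        }
        continue
    }

    foreach ($protector in $protectors) {
        $status = 'BackedUp'
        $detail = ''
        try {
            # -ErrorAction Stop turns a failed backup into a catchable error
            Backup-BitLockerKeyProtector -MountPoint $volume.MountPoint `
                -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
        }
        catch {
            $status = 'Failed'
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{
            MountPoint     = $volume.MountPoint
            KeyProtectorId = $protector.KeyProtectorId
            Status         = $status
            Detail         = $detail
        }
    }
})

$results | Format-Table -AutoSize
if ($results.Status -contains 'Failed') { exit 1 }
```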
