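# get-bitlockerreport
#
# Simple tool to enumerate all computers and look for BitLocker recovery
# information (msFVE-RecoveryInformation child objects) in Active Directory.
#
# Output: one object per computer found in the global catalog, with the
# properties computername, dNSHostName, distinguishedname and bitlockervolumes
# (number of recovery objects stored under the computer, $null when none).
#
# NOTE(review): the result depends on what the running account may read.
# Depending on the directory ACLs, an account without read access to the
# recovery objects gets an empty first search, which is indistinguishable
# here from "no recovery information escrowed". Confirm the permissions
# before treating a $null bitlockervolumes as a compliance finding.

# Hashtable: computer distinguishedName -> number of recovery objects found
write-host "get-bitlockercomputer: Start"
$Bitlockerclients = @{}

# Search the global catalog of the forest root for the recovery objects
$RootNC = ([ADSI]"LDAP://RootDSE").rootDomainNamingContext
$objSearcher = [adsisearcher]([ADSI]"GC://$RootNC")
$objSearcher.PageSize = 1000    # enable paging so more than 1000 results are returned
$objSearcher.Filter = "(objectclass=msFVE-RecoveryInformation)"
$objSearcher.SearchScope = "subtree"

# An empty PropertiesToLoad collection makes DirectorySearcher return every
# readable attribute. Only the object's path is used below, so request a
# single harmless attribute; this keeps the recovery attributes stored on
# these objects out of the result set.
$objSearcher.PropertiesToLoad.Clear() | Out-Null
$objSearcher.PropertiesToLoad.Add("distinguishedName") | Out-Null

write-host "get-bitlockercomputer: Search for Recovery Information"
[long]$volumes = 0
$recoveryResults = $objSearcher.FindAll()
try {
    $recoveryResults | ForEach-Object {
        $volumes++

        # Bind to the recovery object and walk up to its parent, which is the
        # computer object the recovery information belongs to.
        $computer = [ADSI](([ADSI]($_.Path)).Parent)
        $computerdn = [string]($computer.distinguishedName | Select-Object -First 1)
        if ([string]::IsNullOrEmpty($computerdn)) {
            # Parent could not be read; skip instead of failing on a null index.
            Write-Warning ("Cannot resolve parent of " + $_.Path)
            return
        }

        Write-Progress -Activity "Adding Computer $computerdn" -Status $volumes

        if ($Bitlockerclients.ContainsKey($computerdn)) {
            $Bitlockerclients[$computerdn] = [int]$Bitlockerclients[$computerdn] + 1
        }
        else {
            $Bitlockerclients[$computerdn] = [int]1
        }
    }
}
finally {
    # SearchResultCollection holds unmanaged resources and is not released
    # by the garbage collector on its own.
    $recoveryResults.Dispose()
}
[long]$totalcomputer = $Bitlockerclients.Count

# Find all computers and attach the recovery object count to each
write-host " Search for all Computers to generate list"
$objSearcher.Filter = "(objectclass=Computer)"
$objSearcher.PropertiesToLoad.Clear() | Out-Null
$objSearcher.PropertiesToLoad.Add("Name") | Out-Null
$objSearcher.PropertiesToLoad.Add("distinguishedname") | Out-Null
$objSearcher.PropertiesToLoad.Add("dNSHostName") | Out-Null

[long]$matchcount = 0
$computerResults = $objSearcher.FindAll()
try {
    $computerResults | ForEach-Object {
        # Progress is "matched computers / computers with recovery info".
        # Guard the division: with no recovery objects found the total is 0.
        if ($totalcomputer -gt 0) {
            $percent = [int][Math]::Min(100, ($matchcount / $totalcomputer * 100))
        }
        else {
            $percent = 0
        }
        Write-Progress -Activity ("Matching Computer " + $_.Properties.name) -Status $matchcount -PercentComplete $percent

        $result = "" | Select-Object computername, dNSHostName, distinguishedname, bitlockervolumes
        if ($_.Properties.name) { $result.computername = $_.Properties.name[0] }
        if ($_.Properties.dnshostname) { $result.dNSHostName = $_.Properties.dnshostname[0] }

        $dn = $_.Properties.distinguishedname[0]
        $result.distinguishedname = $dn

        if ($Bitlockerclients.ContainsKey($dn)) {
            $result.bitlockervolumes = $Bitlockerclients[$dn]
            $matchcount++
        }
        else {
            $result.bitlockervolumes = $null
        }

        $result    # send data to pipeline
    }
}
finally {
    $computerResults.Dispose()
}

write-host "get-bitlockercomputer: End"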