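<#
.SYNOPSIS
    Backs up the existing Bitlocker recovery key to the joined AD domain.
.EXAMPLE
    PS C:\> Send-BitlockerADRecovery.ps1
.OUTPUTS
    Outputs to the log, error, and data log files.
#>

### Bootstrap ###
# $bootstrapLoaded, $powershellUpgraded, $powershellOutdated, Set-Environment,
# Update-PowerShell and Write-Log are not defined in this file; presumably
# Bootstrap.ps1 provides them - confirm against that script.
if (-not $bootstrapLoaded) {
    # 3072 is the numeric value of SecurityProtocolType Tls12. The numeric form
    # is presumably used so the assignment also works where the enum has no
    # named Tls12 member. This replaces the process-wide protocol set.
    [Net.ServicePointManager]::SecurityProtocol = [Enum]::ToObject([Net.SecurityProtocolType], 3072)

    # NOTE(security): the next line executes whatever the remote host returns,
    # in this session and with this script's privileges. TLS authenticates the
    # server, not the content: a compromised host or repository path results in
    # code execution on every endpoint that runs this script. Before executing,
    # verify the download against a pinned hash or an Authenticode signature
    # (Get-AuthenticodeSignature), or ship Bootstrap.ps1 with the script.
    Invoke-Expression (New-Object System.Net.WebClient).DownloadString("https://file.provaltech.com/repo/script/Bootstrap.ps1")
    Set-Environment
    Update-PowerShell
    if ($powershellUpgraded) { return }
    if ($powershellOutdated) { return }
}
else {
    Write-Log -Text "Bootstrap already loaded." -Type INIT
}

### Process ###
$volumes = Get-BitLockerVolume
foreach ($volume in $volumes) {
    # A volume can carry more than one RecoveryPassword protector. Force an
    # array so each protector is escrowed on its own; passing a collection of
    # ids to -KeyProtectorId (a single id) fails parameter binding.
    $recoveryProtectors = @($volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq "RecoveryPassword" })

    if ($recoveryProtectors.Count -eq 0) {
        # Reported as SUCCESS although nothing was escrowed: consumers of the
        # data log must not read SUCCESS as "a recovery key exists in AD".
        Write-Log -Text "Volume $($volume.MountPoint) does not have a recovery password key protector." -Type LOG
        Write-Log -Text "SUCCESS" -Type DATA
        continue
    }

    $volumeFailed = $false
    foreach ($protector in $recoveryProtectors) {
        # Only the protector id is passed; the recovery password itself is
        # never read into a variable or written to the log by this script.
        $returnVolume = Backup-BitLockerKeyProtector -MountPoint $volume.MountPoint -KeyProtectorId $protector.KeyProtectorId
        if ($returnVolume) {
            Write-Log -Text "The recovery password for volume $($volume.MountPoint) has been backed up to AD." -Type LOG
        }
        else {
            Write-Log -Text "Something went wrong. Please see thrown error message for details." -Type ERROR
            $volumeFailed = $true
        }
    }

    # One DATA record per volume, as before; any failed protector marks the
    # volume as FAIL so a partially escrowed volume is not reported as healthy.
    if ($volumeFailed) {
        Write-Log -Text "FAIL" -Type DATA
    }
    else {
        Write-Log -Text "SUCCESS" -Type DATA
    }
}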