BitLocker Recovery Key Manual Backup

-

ok, please kind, i'm noob powershell.  have 50 or bitlocker recovery keys did not backed ad , have been tasked writing powershell script automate process of updating the keys on machines did not added.

here have:

$result = manage-bde -protectors -get c: -type recoverypassword $id = $result -match "id" | out-string $id = $id.substring(10) $finalid = $id -replace "`t|`n|`r","" manage-bde -protectors -adbackup c: -id `'$finalid`'

the result "invalid class string".  every line functions correctly except final line.

a few things have become clear banged head against wall trying work:

1.  powershell to accept argument -id parameter in final statement must enclosed in single quotes.

2.  if enclose final command in double quotes looks great, command doesn't execute (of course)

3.  when run manage-bde commands manually in powershell , copy , paste the password final command works without problem.

i not sure if going right way or not, suggestions appreciated.


hi,

the last line command should like:

manage-bde -protectors -adbackup c: -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}

i did lot tests in lab, found if copy out or out-file id, there no error, example:

$result = manage-bde -protectors -get c: -type recoverypassword $id = $result -match "id" | out-string $id = $id.substring(10) $id | out-file c:\test.txt $a= get-content c:\test.txt manage-bde -protectors -adbackup c: -id $a

i suggest refer below links more details:

how backup recovery information in ad after bitlocker turned on in windows 7

http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx

put bitlocker recovery key active directory manually

http://social.technet.microsoft.com/forums/en-us/w7itprosecurity/thread/73c11263-da07-4141-be83-dcda4af0ca32

hope helps.

best regards,

yan li

yan li

technet community support




Windows Server  >  Windows PowerShell



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more