BitLocker Recovery Key Manual Backup


OK, please be kind, I'm a noob at PowerShell. We have 50 or so BitLocker recovery keys that did not get backed up to AD, and I have been tasked with writing a PowerShell script to automate the process of updating the keys on the machines that did not get added.

Here is what I have:

$result = manage-bde -protectors -get c: -type recoverypassword
$id = $result -match "id" | out-string
$id = $id.substring(10)
$finalid = $id -replace "`t|`n|`r",""
manage-bde -protectors -adbackup c: -id `'$finalid`'

The result is "invalid class string". Every line functions correctly except the final line.

A few things have become clear as I banged my head against the wall trying to make this work:

1.  For PowerShell to accept the argument to the -id parameter in the final statement, it must be enclosed in single quotes.

2.  If I enclose the final command in double quotes it looks great, but the command doesn't execute (of course).

3.  When I run the manage-bde commands manually in PowerShell, and copy and paste the password into the final command, it works without a problem.

I am not sure if I am going about this the right way or not, so any suggestions are appreciated.


Hi,

The last line of the command should look like:

manage-bde -protectors -adbackup c: -id {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}

I did a lot of tests in my lab, and found that if I copy out or Out-File the ID, there is no error, for example:

$result = manage-bde -protectors -get c: -type recoverypassword
$id = $result -match "id" | out-string
$id = $id.substring(10)
$id | out-file c:\test.txt
$a = get-content c:\test.txt
manage-bde -protectors -adbackup c: -id $a

I suggest you refer to the links below for more details:

How to backup recovery information in AD after BitLocker is turned on in Windows 7

http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx

Put BitLocker recovery key in Active Directory manually

http://social.technet.microsoft.com/forums/en-us/w7itprosecurity/thread/73c11263-da07-4141-be83-dcda4af0ca32

Hope this helps.

Best regards,

Yan Li

TechNet Community Support
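
Added example, not part of the original thread or either poster's code: a script for the task described in the question that pulls every recovery password protector ID out of the `manage-bde` output with a GUID pattern and passes each one to `-adbackup` as a plain string variable, in the `{GUID}` form shown in the reply. The function names `Get-RecoveryProtectorId` and `Backup-RecoveryProtector` and the CSV file name are hypothetical, and the sample output lines are constructed with placeholder values.

```powershell
# Added example (not from the thread). Run in an elevated session on a domain-joined machine.
function Get-RecoveryProtectorId {
    param([string[]]$Text)
    # Match only brace-wrapped GUIDs, so the 48-digit recovery password
    # that manage-bde also prints is never captured or logged.
    $guid = '\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
    [regex]::Matches(($Text -join "`n"), $guid) | ForEach-Object { $_.Value }
}

function Backup-RecoveryProtector {
    param([string]$MountPoint = 'C:')

    $output = manage-bde -protectors -get $MountPoint -type RecoveryPassword
    if ($LASTEXITCODE -ne 0) { throw "manage-bde -get failed on $MountPoint (exit code $LASTEXITCODE)" }

    # A volume can carry more than one recovery password protector; back up each.
    $ids = @(Get-RecoveryProtectorId -Text $output)
    if ($ids.Count -eq 0) { throw "No recovery password protector on $MountPoint" }

    foreach ($id in $ids) {
        # Plain variable: manage-bde receives {GUID} with its braces and
        # no extra quote characters or trailing CR/LF.
        manage-bde -protectors -adbackup $MountPoint -id $id | Out-Null
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Volume   = $MountPoint
            Id       = $id
            BackedUp = ($LASTEXITCODE -eq 0)   # assumption: non-zero exit code on failure
        }
    }
}

# Constructed sample of the output shape (placeholder values) to check the parser offline.
$sample = @(
    '    Numerical Password:',
    '      ID: {00000000-0000-0000-0000-000000000000}',
    '      Password:',
    '        000000-000000-000000-000000-000000-000000-000000-000000'
)
Get-RecoveryProtectorId -Text $sample

# On a real machine:
# Backup-RecoveryProtector -MountPoint 'C:' | Export-Csv .\bitlocker-adbackup.csv -NoTypeInformation
```

The result objects carry only the protector ID and a success flag, so the report can be collected centrally without exposing any recovery password.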



