I'm trying to identify how to retrieve the BitLocker recovery key stored in the msFVE-RecoveryPassword Property of the msFVE-RecoveryInformation class for the sub object of the computer object in ADSI Edit. Does anyone know the ADSI options to use to get this key?
Thanks.
Here is a TOTALLY UNDEBUGGED code sample based on the code found here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/48efa024-e9ce-4c81-bd57-04d51c8f7417/dsquery-to-get-msfverecoverypassword?forum=winserverDS
;TOTALLY UNDEBUGGED and UNTESTED
; --------------------------------------------------------------------------------
; Helper function: Convert the octet GUID string (byte array) to a hex string
; --------------------------------------------------------------------------------
;Reference: http://blogs.msdn.com/ericlippert/archive/2004/05/25/141525.aspx
#DefineFunction HexByte(b)
AddExtender("wilx44i.dll",0,"wilx64i.dll"); WILX EXTENDER
HexByte = StrFixLeft( xHex(b), 0, 2 )
#EndFunction
#DefineFunction ConvertOctetGuidToHexString(ByteArray)
Binary = ArraytoStr(ByteArray)
S = "{"
S = S & HexByte(AscB(MidB(Binary, 4, 1)))
S = S & HexByte(StrSub(StrSub(Binary, 4, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 3, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 2, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 1, 1)),1,1)
S = S & "-"
S = S & HexByte(StrSub(StrSub(Binary, 6, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 5, 1)),1,1)
S = S & "-"
S = S & HexByte(StrSub(StrSub(Binary, 8, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 7, 1)),1,1)
S = S & "-"
S = S & HexByte(StrSub(StrSub(Binary, 9, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 10, 1)),1,1)
S = S & "-"
S = S & HexByte(StrSub(StrSub(Binary, 11, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 12, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 13, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 14, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 15, 1)),1,1)
S = S & HexByte(StrSub(StrSub(Binary, 16, 1)),1,1)
S = S & "}"
Return S
#EndFunction
; --------------------------------------------------------------------------------
; Get path to Active Directory computer object associated with the computer name
; --------------------------------------------------------------------------------
#DefineFunction GetStrPathToComputer(strComputerName)
; Uses the global catalog to find the computer in the forest
; Search also includes deleted computers in the tombstone
objRootLDAP = ObjectGet("LDAP://rootDSE")
namingContext = objRootLDAP.Get("defaultNamingContext") ; e.g. string dc=fabrikam,dc=com
strBase = "<GC://" : namingContext : ">"
objConnection = CreateObject("ADODB.Connection")
objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open( "Active Directory Provider" )
objCommand.ActiveConnection = objConnection
strFilter = "(&(objectCategory=Computer)(cn=" : strComputerName : "))"
strQuery = strBase : ";" : strFilter : ";distinguishedName;subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 100
objCommand.Properties("Cache Results") = @False
; Enumerate all objects found.
objRecordSet = objCommand.Execute
If objRecordSet.EOF
Pause( "Notice", "The computer name '" : strComputerName : "' cannot be found." )
exit
EndIf
; Found object matching name
While objRecordSet.EOF
dnFound = objRecordSet.Fields("distinguishedName")
strPathToComputer = "LDAP://" : dnFound
objRecordSet.MoveNext
EndWhile
; Clean up.
objConnection = 0
objCommand = 0
objRecordSet = 0
Return strPathToComputer
#EndFunction
; --------------------------------------------------------------------------------
; Securely access the Active Directory computer object using Kerberos
; --------------------------------------------------------------------------------
strComputerName = ''
objDSO = GetObject("LDAP:")
strPathToComputer = GetStrPathToComputer(strComputerName)
ADS_SECURE_AUTHENTICATION = 1
ADS_USE_SEALING = 64 ;0x40
ADS_USE_SIGNING = 128 ;0x80
; --------------------------------------------------------------------------------
; Get all BitLocker recovery information from the Active Directory computer object
; --------------------------------------------------------------------------------
; Get all the recovery information child objects of the computer object
objFveInfos = objDSO.OpenDSObject(strPathToComputer, "", "", ADS_SECURE_AUTHENTICATION + ADS_USE_SEALING + ADS_USE_SIGNING)
objFveInfos.Filter = "msFVE-RecoveryInformation" ;might need to be an array?
; Iterate through each recovery information object
ForEach objFveInfo in objFveInfos
strName = objFveInfo.Get("name")
strRecoveryGuidOctet = objFveInfo.Get("msFVE-RecoveryGuid")
strRecoveryGuid = ConvertOctetGuidToHexString(strRecoveryGuidOctet)
strRecoveryPassword = objFveInfo.Get("msFVE-RecoveryPassword")
Pause(strName, "msFVE-RecoveryGuid: " : strRecoveryGuid : @LF : "msFVE-RecoveryPassword: " : strRecoveryPassword )
If StrLen(strRecoveryGuid) <> 38 Then
Pause("Notice", "WARNING: '" : strRecoveryGuid : "' does not appear to be a valid GUID." )
EndIf
Next
Exit
I found the solution here is the simplified code I'm using:
AddExtender("WWADS44I.DLL")
Computer = `computername`
Company = `netBIOSname`
LDAP = StrCat(`LDAP://`,Company)
ComputerPath = dsFindPath(LDAP,StrCat(`CN=`,ComputerName))
RecoveryObjects = dsGetChldPath(ComputerPath, `msFVE-RecoveryInformation`);Find recovery information subsections
for j = 1 to ItemCount(RecoveryObjects,@TAB)
RecoveryObject = ItemExtract(j,RecoveryObjects,@TAB)
RecoveryKey = dsGetProperty(RecoveryObject, `msFVE-RecoveryPassword`)
Message(`msFVE-RecoveryPassword`,RecoveryKey)
next
Thanks for sharing your solution. Posted it to the tech database for the next user:
http://techsupt.winbatch.com/webcgi/webbatch.exe?techsupt/tsleft.web+WIL~Extenders/ADSI+BitLocker~Recovery~Key.txt