Retrieving msFVE-RecoveryPassword

Started by therkilt, May 13, 2014, 09:16:08 AM

Previous topic - Next topic

therkilt

I'm trying to identify how to retrieve the BitLocker recovery key stored in the msFVE-RecoveryPassword Property of the msFVE-RecoveryInformation class for the sub object of the computer object in ADSI Edit.  Does anyone know the ADSI options to use to get this key?

Thanks.

Deana

Here is a TOTALLY UNDEBUGGED code sample based on the code found here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/48efa024-e9ce-4c81-bd57-04d51c8f7417/dsquery-to-get-msfverecoverypassword?forum=winserverDS


Code (winbatch) Select

;TOTALLY UNDEBUGGED and UNTESTED
; --------------------------------------------------------------------------------
; Helper function: Convert the octet GUID string (byte array) to a hex string
; --------------------------------------------------------------------------------
;Reference: http://blogs.msdn.com/ericlippert/archive/2004/05/25/141525.aspx
#DefineFunction HexByte(b)
      AddExtender("wilx44i.dll",0,"wilx64i.dll"); WILX EXTENDER
      HexByte = StrFixLeft( xHex(b), 0, 2 )
#EndFunction

#DefineFunction ConvertOctetGuidToHexString(ByteArray)
  Binary = ArraytoStr(ByteArray)
  S = "{"
  S = S & HexByte(AscB(MidB(Binary, 4, 1)))
  S = S & HexByte(StrSub(StrSub(Binary, 4, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 3, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 2, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 1, 1)),1,1)

  S = S & "-" 
  S = S & HexByte(StrSub(StrSub(Binary, 6, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 5, 1)),1,1)
  S = S & "-" 
  S = S & HexByte(StrSub(StrSub(Binary, 8, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 7, 1)),1,1)
  S = S & "-" 
  S = S & HexByte(StrSub(StrSub(Binary, 9, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 10, 1)),1,1)
  S = S & "-"
  S = S & HexByte(StrSub(StrSub(Binary, 11, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 12, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 13, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 14, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 15, 1)),1,1)
  S = S & HexByte(StrSub(StrSub(Binary, 16, 1)),1,1) 
  S = S & "}"
  Return S
#EndFunction


; --------------------------------------------------------------------------------
; Get path to Active Directory computer object associated with the computer name
; --------------------------------------------------------------------------------
#DefineFunction GetStrPathToComputer(strComputerName)

    ; Uses the global catalog to find the computer in the forest
    ; Search also includes deleted computers in the tombstone

    objRootLDAP = ObjectGet("LDAP://rootDSE")
    namingContext = objRootLDAP.Get("defaultNamingContext") ; e.g. string dc=fabrikam,dc=com   

    strBase = "<GC://" : namingContext : ">"

    objConnection = CreateObject("ADODB.Connection")
    objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOOBject"
    objConnection.Open( "Active Directory Provider" )
    objCommand.ActiveConnection = objConnection

    strFilter = "(&(objectCategory=Computer)(cn=" :  strComputerName : "))"
    strQuery = strBase : ";" : strFilter  : ";distinguishedName;subtree"

    objCommand.CommandText = strQuery
    objCommand.Properties("Page Size") = 100
    objCommand.Properties("Timeout") = 100
    objCommand.Properties("Cache Results") = @False

    ; Enumerate all objects found.

    objRecordSet = objCommand.Execute
    If objRecordSet.EOF
      Pause( "Notice", "The computer name '" :  strComputerName : "' cannot be found." )
      exit
    EndIf

    ; Found object matching name
    While objRecordSet.EOF
      dnFound = objRecordSet.Fields("distinguishedName")
      strPathToComputer = "LDAP://" : dnFound
      objRecordSet.MoveNext
    EndWhile

    ; Clean up.
    objConnection = 0
    objCommand = 0
    objRecordSet = 0

    Return strPathToComputer
#EndFunction


; --------------------------------------------------------------------------------
; Securely access the Active Directory computer object using Kerberos
; --------------------------------------------------------------------------------
strComputerName = ''
objDSO = GetObject("LDAP:")
strPathToComputer = GetStrPathToComputer(strComputerName)

ADS_SECURE_AUTHENTICATION = 1
ADS_USE_SEALING = 64 ;0x40
ADS_USE_SIGNING = 128 ;0x80


; --------------------------------------------------------------------------------
; Get all BitLocker recovery information from the Active Directory computer object
; --------------------------------------------------------------------------------
; Get all the recovery information child objects of the computer object
objFveInfos = objDSO.OpenDSObject(strPathToComputer, "", "", ADS_SECURE_AUTHENTICATION + ADS_USE_SEALING + ADS_USE_SIGNING)
objFveInfos.Filter = "msFVE-RecoveryInformation"  ;might need to be an array?

; Iterate through each recovery information object
ForEach objFveInfo in objFveInfos

   strName = objFveInfo.Get("name")

   strRecoveryGuidOctet = objFveInfo.Get("msFVE-RecoveryGuid")
   strRecoveryGuid = ConvertOctetGuidToHexString(strRecoveryGuidOctet)

   strRecoveryPassword = objFveInfo.Get("msFVE-RecoveryPassword")

   Pause(strName, "msFVE-RecoveryGuid: " : strRecoveryGuid : @LF : "msFVE-RecoveryPassword: " : strRecoveryPassword )
   
   If StrLen(strRecoveryGuid) <> 38 Then
      Pause("Notice", "WARNING: '" : strRecoveryGuid : "' does not appear to be a valid GUID." )
   EndIf
Next

Exit
Deana F.
Technical Support
Wilson WindowWare Inc.

therkilt

I found the solution here is the simplified code I'm using:
Code (winbatch) Select

AddExtender("WWADS44I.DLL")
Computer = `computername`
Company = `netBIOSname`
LDAP = StrCat(`LDAP://`,Company)
ComputerPath = dsFindPath(LDAP,StrCat(`CN=`,ComputerName))
RecoveryObjects = dsGetChldPath(ComputerPath, `msFVE-RecoveryInformation`);Find recovery information subsections
for j = 1 to ItemCount(RecoveryObjects,@TAB)
RecoveryObject = ItemExtract(j,RecoveryObjects,@TAB)
RecoveryKey = dsGetProperty(RecoveryObject, `msFVE-RecoveryPassword`)
Message(`msFVE-RecoveryPassword`,RecoveryKey)
next

Deana

Deana F.
Technical Support
Wilson WindowWare Inc.