Hi all! I have an odd issue regarding the use of the Get-ADObject PowerShell cmdlet to retrieve BitLocker recovery passwords in AD. I recently wrote a function that outputs some BitLocker information for computer objects in AD, and this includes the recovery password. I wrote and tested this function on Windows 7 SP1 with RSAT and PowerShell 4.0. The following command outputs the required properties:
Get-ADObject -SearchBase $Computer.distinguishedname -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -Properties msfve-recoverypassword
DistinguishedName : CN=2014-04-21T15:42:33-05:00{DE0F4423-2854-49F7-A67E-D020AE4285BC},CN=Computer,OU=Laptops,DC=domain,DC=com
msfve-recoverypassword : 347325-398764-214148-283921-222904-575740-157267-411976
Name : 2014-04-21T15:42:33-05:00{DE0F4423-2854-49F7-A67E-D020AE4285BC}
ObjectClass : msFVE-RecoveryInformation
ObjectGUID : 23b04f9a-4afb-437b-a143-17f0ae7bc5d6
PropertyNames : {DistinguishedName, msfve-recoverypassword, Name, ObjectClass...}
PropertyCount : 5

However, when I use the same command on Windows 8.1 I do not get the msfve-RecoveryPassword in the output:
Get-ADObject -SearchBase $Computer.distinguishedname -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -Properties msfve-recoverypassword
DistinguishedName : CN=2014-04-21T15:42:33-05:00{DE0F4423-2854-49F7-A67E-D020AE4285BC},CN=Computer,OU=laptops,DC=domain,DC=com
Name : 2014-04-21T15:42:33-05:00{DE0F4423-2854-49F7-A67E-D020AE4285BC}
ObjectClass : msFVE-RecoveryInformation
ObjectGUID : 23b04f9a-4afb-437b-a143-17f0ae7bc5d6
PropertyNames : {DistinguishedName, Name, ObjectClass, ObjectGUID}
AddedProperties : {}
RemovedProperties : {}
ModifiedProperties : {}
PropertyCount : 4

Does anyone know why this doesn't work in Windows 8.1? Please also note that Windows 8.1 has UAC enabled and the Windows 7 machine I tested on did not. However, in Windows 8.1 the console is launched as administrator. Could UAC play a part in this? Thanks!