Batch – Import BitLocker Info into Active Directory


This is a script I wrote to automatically return the numerical password and import the BitLocker information into Active Directory.

This is especially useful if you implement BitLocker on the clients before you set up Active Directory. One caveat: the script needs to run as a user that has been delegated access to AD. The System account will not work for this. So the script can either be run locally or under a service account, which can be specified on the LANDesk package in the LANDesk Console under Accounts.

The commands

manage-bde -protectors -get c:
manage-bde -protectors -adbackup c: -id PUT_ID_HERE

Script

* Remove the pause if the script is added to LANDesk.

@echo off
setlocal ENABLEDELAYEDEXPANSION
set MyVar=

REM DISPLAY CURRENT BITLOCKER RECOVERY INFORMATION
manage-bde -protectors -get c:

REM PRIMARY EXTRACTION METHOD
for /f "skip=4 tokens=2 delims=:" %%g in ('"manage-bde -protectors -get c:"') do set MyVar=%%g
echo %MyVar%

REM IMPORT BITLOCKER INFO INTO AD
manage-bde -protectors -adbackup c: -id%MyVar%
pause

REM EXIT
set MyVar=
exit /b 0

rem NOT NEEDED AT THIS TIME
rem secondary extraction method
rem return protector id
for /f "skip=4 tokens=2 delims=:" %%g in ('"manage-bde -protectors -get c:"') do (
set /a X+=1
set MyVar!X!=%%g
)

rem import protector id into ad
echo %MyVar2%
manage-bde -protectors -adbackup c: -id%MyVar2%

pause
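
A more defensive take on the extraction step, as an added example rather than the author's script: it asks only for numerical password protectors with -type RecoveryPassword, backs up every ID it finds instead of relying on the last "ID:" line, and returns a non-zero exit code when a backup fails so the deployment tool can see it. It assumes English manage-bde output; the variable names and exit codes are choices made for this example.

```bat
@echo off
setlocal EnableDelayedExpansion

rem Volume to process (assumption for this example: the OS volume).
set "VOL=C:"
set /a FOUND=0, FAILED=0

rem The full protector listing includes the 48-digit recovery password,
rem so it is not echoed here. Only the "ID:" lines are read.
rem delims={} splits "      ID: {GUID}" so that token 2 is the bare GUID.
for /f "tokens=2 delims={}" %%g in ('manage-bde -protectors -get %VOL% -type RecoveryPassword ^| findstr /c:"ID:"') do (
    set /a FOUND+=1
    echo Backing up protector {%%g} to Active Directory
    manage-bde -protectors -adbackup %VOL% -id {%%g}
    rem Compare against 0 rather than using "if errorlevel 1",
    rem which would miss a negative exit code.
    if !errorlevel! neq 0 set /a FAILED+=1
)

rem Exit code 2: nothing to back up. The volume has no numerical password protector.
if !FOUND! equ 0 (
    echo No numerical password protector found on %VOL% 1>&2
    exit /b 2
)

rem Exit code 1: at least one protector was not written to AD.
if !FAILED! gtr 0 (
    echo !FAILED! of !FOUND! protector backups failed 1>&2
    exit /b 1
)

echo !FOUND! protector backups completed
exit /b 0
```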

 

Reference

http://technet.microsoft.com/en-us/library/cc771778(WS.10).aspx#BKMK_AppendixA
