Channel: The Official Scripting Guys Forum! forum

BitLocker and TPM Recovery Information


Hey Scripting guys. Here's my dilemma. We are storing BitLocker and TPM recovery information in AD. We don't use MBAM because we don't have the necessary MDOP licenses. Anyway, with Windows 7 boxes the information is all stored in the machine object attributes, e.g. msFVE-RecoveryPassword, msFVE-RecoveryInformation and msTPM-OwnerInformation. This information I can obtain and export to a .csv file. Where I'm stuck is pulling the msTPM-OwnerInformation for Windows 8 & 8.1 systems. This is because in the computer object attributes the msTPM-OwnerInformation attribute is not used for Win8/8.1. Instead the attribute msTPM-TpmInformationForComputer is used. But the information there is not really the TPM-OwnerInformation. It's merely a pointer to an object in the TPM Devices container under the root of the domain. Inside that object is the actual msTPM-OwnerInformation I'm looking for.

So, how can I script-o-matically pull the needed information for both Windows 7 and Windows 8/8.1 systems and export it to a .csv for backup purposes? The information I'm looking to export is: Hostname, CN value (shows the DTS of the BL Recovery password), BitLocker PasswordID, msFVE-RecoveryPassword, msTPM-OwnerInformation, msTPM-InformationForComputer (Win8) and finally the corresponding Win8 msTPM-TpmOwnerInformation.

Any assistance will be hugely helpful.

Thanks in advance
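
One way to collect the fields listed in the question, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory PowerShell module, an account with read access to the recovery attributes and the TPM Devices container, and a hypothetical output path.

```powershell
# Added example, not from the original post.
# Assumes: ActiveDirectory module (RSAT) and read rights on the recovery data.
Import-Module ActiveDirectory

$outFile = 'C:\Secure\BitLockerTpmBackup.csv'   # hypothetical path, adjust as needed

$computers = Get-ADComputer -Filter * -Properties 'msTPM-OwnerInformation',
                                                   'msTPM-TpmInformationForComputer'

$rows = foreach ($pc in $computers) {
    # Windows 7: owner information sits directly on the computer object.
    $tpmOwner = $pc.'msTPM-OwnerInformation'

    # Windows 8/8.1: the computer object only holds a DN that points to an
    # object in the TPM Devices container; read the owner information there.
    $tpmLink      = $pc.'msTPM-TpmInformationForComputer'
    $tpmOwnerWin8 = $null
    if ($tpmLink) {
        $tpmObj       = Get-ADObject -Identity $tpmLink -Properties 'msTPM-OwnerInformation'
        $tpmOwnerWin8 = $tpmObj.'msTPM-OwnerInformation'
    }

    # BitLocker recovery entries are child objects of the computer object.
    $recovery = @(Get-ADObject -SearchBase $pc.DistinguishedName -SearchScope OneLevel `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
        -Properties 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid')

    # Still emit one row for machines that have no recovery entry.
    if ($recovery.Count -eq 0) { $recovery = @($null) }

    foreach ($r in $recovery) {
        [pscustomobject]@{
            Hostname                          = $pc.Name
            RecoveryCN                        = if ($r) { $r.Name }   # timestamp + {password ID}
            PasswordID                        = if ($r) { [guid]$r.'msFVE-RecoveryGuid' }
            'msFVE-RecoveryPassword'          = if ($r) { $r.'msFVE-RecoveryPassword' }
            'msTPM-OwnerInformation'          = $tpmOwner
            'msTPM-TpmInformationForComputer' = $tpmLink
            'msTPM-OwnerInformation (Win8)'   = $tpmOwnerWin8
        }
    }
}

$rows | Export-Csv -Path $outFile -NoTypeInformation
```

The resulting file holds recovery passwords and TPM owner values in clear text, so write it to a folder whose ACL is limited to the administrators who handle recovery, and keep any copies encrypted.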

  
