Get BitLocker Recovery Key From Active Directory

If you do not have the GUI extension installed or prefer working in the console, you can query Active Directory directly for the raw attributes.

Option A: Query a Specific Computer

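# Requires the ActiveDirectory module (RSAT) and read access to the recovery attributes
Import-Module ActiveDirectory
# First 8 characters of the key ID shown on the locked BitLocker screen
$keyID = "6B6B6B6B"
# Recovery records are msFVE-RecoveryInformation objects; their Name contains the key ID
Get-ADObject -Filter { ObjectClass -eq 'msFVE-RecoveryInformation' } -SearchBase "OU=Workstations,DC=domain,DC=com" -Properties msFVE-RecoveryPassword,msFVE-RecoveryGuid |
    Where-Object { $_.Name -match $keyID } |
    Select-Object msFVE-RecoveryPassword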

This assumes your organization enabled BitLocker recovery key backup to AD. If you haven’t, check your Group Policy: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Choose how BitLocker-protected operating system drives can be recovered.

Locate the matching (the first 8 digits displayed on the user's locked BitLocker screen) and copy the associated 48-digit recovery password.
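To scope the lookup to one machine instead of a whole OU, the added example below (not part of the original page) reads only the recovery records stored beneath a single computer object and optionally filters them by the 8-character ID from the locked screen. The function name, its parameters and the computer name in the usage comment are hypothetical; it assumes the ActiveDirectory module and an account delegated to read msFVE-RecoveryPassword.

```powershell
# Added example; Get-BitLockerRecoveryFromAD and its parameters are hypothetical names.
Import-Module ActiveDirectory -ErrorAction Stop

function Get-BitLockerRecoveryFromAD {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        # Optional: first 8 characters of the key ID shown on the locked screen
        [ValidatePattern('^[0-9A-Fa-f]{8}$')][string]$KeyIdPrefix
    )

    # Recovery records are child objects of the computer account, so resolve it first.
    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    $query = @{
        SearchBase  = $computer.DistinguishedName
        SearchScope = 'OneLevel'
        Filter      = "objectClass -eq 'msFVE-RecoveryInformation'"
        Properties  = 'msFVE-RecoveryPassword', 'whenCreated'
    }
    $records = Get-ADObject @query

    if (-not $records) {
        # Empty result: backup to AD not enabled, or no read permission on the records.
        Write-Warning "No recovery records found under $($computer.DistinguishedName)."
        return
    }

    $records | ForEach-Object {
        # The object name has the form <timestamp>{<key ID GUID>}; pull out the GUID.
        $keyId = if ($_.Name -match '\{([0-9A-Fa-f-]{36})\}') { $Matches[1].ToUpper() } else { $null }
        [pscustomobject]@{
            Computer         = $computer.Name
            KeyId            = $keyId
            Created          = $_.whenCreated
            RecoveryPassword = $_.'msFVE-RecoveryPassword'
        }
    } | Where-Object {
        # Keep everything when no prefix was given, otherwise only the matching key ID.
        -not $KeyIdPrefix -or ($_.KeyId -and $_.KeyId.StartsWith($KeyIdPrefix.ToUpper()))
    } | Sort-Object Created -Descending
}

# Usage (constructed computer name):
# Get-BitLockerRecoveryFromAD -ComputerName 'WS-0421' -KeyIdPrefix '6B6B6B6B'
```

A computer that has been re-encrypted can hold several records; sorting newest first and matching on the key ID avoids handing out a stale password.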