I have found this PowerShell script and am having trouble modifying it to only pull Computer objects that do not have a BitLocker Key stored in AD. This script pulls all computers but I am struggling to sort out computers with keys. Any help would be appreciated. Thanks in advance.
Powershell:
Get-ADComputer -Filter 'ObjectClass -eq "computer"' -SearchBase "OU=Asia,OU=Branches,DC=corp,DC=company,DC=com" | foreach-object {
    $Computer = $_.name

    #Check if the Computer Object exists
    $Computer_Object = Get-ADComputer -Filter {cn -eq $Computer} -Property msTPM-OwnerInformation, msTPM-TpmInformationForComputer
    if($Computer_Object -eq $null){
        Write-Host "Error..."
    }

    #Check if the computer object has had a BitLocker Recovery Password
    $Bitlocker_Object = Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase $Computer_Object.DistinguishedName -Properties 'msFVE-RecoveryPassword' | Select-Object -Last 1
    if($Bitlocker_Object.'msFVE-RecoveryPassword'){
        $BitLocker_Key = $BitLocker_Object.'msFVE-RecoveryPassword'
    }else{
        $BitLocker_Key = "none"
    }

    #Display Output
    $strToReport = $Computer + "," + $BitLocker_Key
    Write-Host $strToReport

    #Save to Report
    $strToReport | Out-File C:\temp\Report.txt -append
}
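One way to list only the computers with no recovery object, as an added example that is not part of the original post: it tests for the existence of msFVE-RecoveryInformation child objects instead of reading msFVE-RecoveryPassword, so no recovery passwords end up in the report file. The output path and the variable names are assumptions, and it assumes the ActiveDirectory module and an account that can enumerate the recovery objects (otherwise every computer would be reported as keyless).

```powershell
# Added example (not from the original post).
# Assumes the ActiveDirectory (RSAT) module is installed.
Import-Module ActiveDirectory

$SearchBase = 'OU=Asia,OU=Branches,DC=corp,DC=company,DC=com'  # OU taken from the post
$ReportPath = 'C:\temp\NoBitLockerKey.csv'                     # hypothetical output path

# Collect the parent DN of every BitLocker recovery object under the OU
# with a single query, instead of one query per computer.
# PowerShell hashtable keys are case-insensitive, which suits DN comparison.
$hasKey = @{}
Get-ADObject -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
             -SearchBase $SearchBase -SearchScope Subtree |
    ForEach-Object {
        # Recovery objects are direct children of the computer object:
        #   CN=<timestamp>{<guid>},CN=PC01,OU=...
        # Strip the first RDN (allowing for escaped characters such as "\+")
        # to get the DN of the computer that owns the key.
        $parentDn = $_.DistinguishedName -replace '^(?:\\.|[^,\\])+,', ''
        $hasKey[$parentDn] = $true
    }

# Keep only computers whose DN never appeared as a parent of a recovery object.
# The recovery password attribute is never requested, so the report holds no secrets.
Get-ADComputer -Filter * -SearchBase $SearchBase -Properties OperatingSystem, LastLogonDate |
    Where-Object { -not $hasKey.ContainsKey($_.DistinguishedName) } |
    Select-Object Name, OperatingSystem, LastLogonDate, DistinguishedName |
    Export-Csv -Path $ReportPath -NoTypeInformation
```

A computer appears in the CSV only when no recovery object exists beneath it; stale keys from an earlier encryption still count as "has key", so pair the result with LastLogonDate when triaging.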