Extract LAPS Passwords and BitLocker Keys from Active Directory


The PowerShell below can be used to extract LAPS passwords and BitLocker keys from Active Directory. It was written on Friday, July 19, 2024, because of the CrowdStrike outage: https://www.nytimes.com/2024/07/19/business/microsoft-outage-cause-azure-crowdstrike.html. If you choose to test this PowerShell, update the argument for the SearchBase parameter to reflect your Active Directory domain. The argument in the example below is set to "DC=domain,DC=com".

function Get-LapsAndBitLocker {
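    # Version 1.0.1
    # Requires the ActiveDirectory module and an account permitted to read the
    # ms-Mcs-AdmPwd and msFVE-RecoveryPassword attributes.
    # Each msFVE-RecoveryInformation object is a child of its computer object:
    #   CN=<timestamp>{<recovery GUID>},CN=<computer>,...
    # so the computer name and timestamp are parsed from the DistinguishedName.
    # ms-Mcs-AdmPwd is the legacy Microsoft LAPS password attribute.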
    Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase 'DC=domain,DC=com' -Properties msFVE-RecoveryPassword |
        Select-Object -Property `
            @{N='ComputerName';E={$_.DistinguishedName.Split(',')[1].Split('=')[1]}},
            @{N='LapsPassword';E={(Get-ADComputer -Identity ($_.DistinguishedName.Split(',')[1].Split('=')[1]) -Properties ms-Mcs-AdmPwd).'ms-Mcs-AdmPwd'}},
            @{N='DateTime'    ;E={Get-Date -Date ($_.DistinguishedName.Split(',')[0].Split('{')[0].Split('=')[-1])}},
            @{N='BitLocker'   ;E={$_.'msFVE-RecoveryPassword'}} |
                Sort-Object -Property ComputerName
} # end function: Get-LapsAndBitLocker.
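
The function above returns one row per msFVE-RecoveryInformation object, so a computer with several recovery objects appears several times. The following added example (not part of the original post) parses the DistinguishedName into computer name, timestamp and recovery GUID, keeps the newest entry per computer, and looks up an entry by key ID. The function names and sample DNs are constructed for illustration, and the handling of `\+` assumes the directory returns special characters backslash-escaped.

```powershell
# Added example; function names and sample DNs are constructed, not from the original post.
function ConvertFrom-RecoveryDn {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$DistinguishedName)
    begin {
        # Expected shape: CN=<timestamp>{<recovery GUID>},CN=<computer>,<rest of DN>
        $pattern = '^CN=(?<When>[^{]+)\{(?<Guid>[0-9A-Fa-f-]{36})\},CN=(?<Computer>(?:\\.|[^,\\])+),'
    }
    process {
        if ($DistinguishedName -match $pattern) {
            # Assumption: characters such as '+' in the UTC offset arrive as '\+'.
            $when = $Matches['When'] -replace '\\(.)', '$1'
            [pscustomobject]@{
                ComputerName = $Matches['Computer'] -replace '\\(.)', '$1'
                RecoveryGuid = $Matches['Guid'].ToUpperInvariant()
                DateTime     = [datetimeoffset]::Parse($when, [cultureinfo]::InvariantCulture)
            }
        } else {
            Write-Warning "Skipping DN that is not a recovery object: $DistinguishedName"
        }
    }
}

function Select-LatestRecoveryEntry {
    param([Parameter(Mandatory)][object[]]$Entry)
    # One row per computer: the recovery object with the most recent timestamp.
    $Entry | Group-Object -Property ComputerName | ForEach-Object {
        $_.Group | Sort-Object -Property DateTime -Descending | Select-Object -First 1
    }
}

# Constructed sample DNs (no directory access needed to run this block).
$sampleDns = @(
    'CN=2024-03-01T08:15:00-06:00{11111111-1111-1111-1111-111111111111},CN=PC-EXAMPLE-01,OU=Workstations,DC=domain,DC=com'
    'CN=2024-07-19T06:42:10-06:00{22222222-2222-2222-2222-222222222222},CN=PC-EXAMPLE-01,OU=Workstations,DC=domain,DC=com'
    'CN=2024-05-20T14:03:27\+01:00{33333333-3333-3333-3333-333333333333},CN=PC-EXAMPLE-02,OU=Workstations,DC=domain,DC=com'
    'CN=not-a-recovery-object,CN=PC-EXAMPLE-03,DC=domain,DC=com'
)

$parsed = $sampleDns | ConvertFrom-RecoveryDn

# Newest recovery entry for each computer.
Select-LatestRecoveryEntry -Entry $parsed | Format-Table -AutoSize

# Find the entry for a key ID read off the BitLocker recovery screen
# (the key ID corresponds to the recovery GUID in the DN).
$parsed | Where-Object { $_.RecoveryGuid -like '22222222*' }
```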