Active Directory 2012

Active Directory – Get Last logon using Powershell

During an Active Directory migration, I needed to do an inventory of the computers to migrate. Because some computers do not exist anymore but not removed from Active Directory. I created a Powershell script based on the Last Logon Timestamp property.

CSV file from the script

CSV file from the script

This powershell script creates a CSV file with the computer name, the last logon property and the operating system. Some domains were based on Windows Server 2003 or 2008, I could not use Active Directory commandlets, so I used the LDAP Search.

Continue reading

Active Directory 2012

Active Directory – How to display Bitlocker Recovery Key

When Bitlocker is enabled on workstation/ laptop in your entreprise, you must have a solution to get the recovery key of the hard drive. In some cases, Bitlocker can prompt to the user the Recovery key if it detects a specific behavior like partition changes.

The easiest solution is to use Active Directory Users And Computers console. This can only be possible if you set in the GPO to store Recovery Key into Active Directory.

With Active Directory Users And Computers, we can:

  • Display Bitlocker Recovery key for one computer.
  • Search in all Active Directory for a Password ID.
  • Delegate Rights to display confidential information.

Continue reading