I have a very weird problem. I have a PowerShell script that runs during an MDT deployment task sequence. I'm using the following command to get the BitLocker recovery key so I can add it to my log:
$result = Get-ADComputer $NewName -Credential $cred -Server $pdc
$BitLocker = Get-ADObject -Credential $cred -Server $pdc -SearchBase $result.DistinguishedName -Filter 'objectclass -eq "msFVE-RecoveryInformation"' -Properties msFVE-RecoveryPassword
This code works fine if I run it on a production machine using PowerShell ISE. If I look at the property values returned, I get this.
BitLocker.DistinguishedName : CN=2022-01-24T10:25:24-08:00{7D23F401-9CA5-4CA2-9EC5-9463FDB32547},...
BitLocker.msFVE-RecoveryPassword : 626241-008492-619938-120065-533005-637615-269346-477114
BitLocker.Name : 2022-01-24T10:25:24-08:00{7D23F401-9CA5-4CA2-9EC5-9463FDB32547}
BitLocker.ObjectClass : msFVE-RecoveryInformation
BitLocker.ObjectGUID : 6d1e0e81-6b5e-44ca-abd2-a901ade8eb39
But when I run the same code during the task sequence, I get back this:
BitLocker.DistinguishedName : CN=2022-01-24T10:25:24-08:00{7D23F401-9CA5-4CA2-9EC5-9463FDB32547},...
BitLocker.msFVE-RecoveryPassword :
BitLocker.Name : 2022-01-24T10:25:24-08:00{7D23F401-9CA5-4CA2-9EC5-9463FDB32547}
BitLocker.ObjectClass : msFVE-RecoveryInformation
BitLocker.ObjectGUID : 6d1e0e81-6b5e-44ca-abd2-a901ade8eb39
The recovery key is definitely in AD; I can see it when I look in ADUC, but I cannot seem to get it during the task sequence. Very bizarre. Anyone have any thoughts?