Recover deleted BitLocker Recovery Information

Today I had a request from a first-level admin who needed the BitLocker recovery password for an already deleted computer object. Here is what I came up with:

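# Requires the Quest ActiveRoles AD cmdlets (Get-QADObject)
$compname = "ComputerName"
$SearchRoot = "CN=Deleted Objects,DC=domain,DC=local"

# Search the deleted msFVE-RecoveryInformation objects whose last known parent was the computer
$recoverykeys = Get-QADObject -Tombstone -Recycled -Type "msFVE-RecoveryInformation" -SizeLimit 0 -IncludedProperties msFVE-RecoveryPassword -SearchRoot $SearchRoot | ? {$_.lastknownparent -like "*$compname*"} | select msFVE-RecoveryPassword
$recoverykeys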


Please note that you need to be a Domain Admin (or equivalent) to be able to read the Deleted Objects container. Tombstones have a limited lifetime; once it has expired, the recovery passwords can no longer be accessed.
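
The same lookup with the built-in ActiveDirectory module, plus a check of the configured tombstone lifetime mentioned above. This is an added example, not the code from the original post; it assumes the RSAT ActiveDirectory module is installed and reuses the post's placeholder computer name.

```powershell
# Added example: assumes the RSAT ActiveDirectory module and an account that
# may read the Deleted Objects container (Domain Admin or equivalent).
Import-Module ActiveDirectory

$compname = "ComputerName"   # placeholder, as in the post

# Let the domain report its own Deleted Objects container instead of hard-coding the DN.
$deletedContainer = (Get-ADDomain).DeletedObjectsContainer

# The tombstone lifetime (in days) is stored on the Directory Service object in the
# configuration partition. If the attribute is empty, the built-in default applies.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dirService = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
    -Properties tombstoneLifetime
$lifetimeDays = $dirService.tombstoneLifetime

# Deleted recovery-information objects whose last known parent matches the computer.
# Like the original, this is a substring match, so "PC1" also matches "PC10";
# check the Parent column before handing a password out.
$found = Get-ADObject -IncludeDeletedObjects -SearchBase $deletedContainer `
    -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
    -Properties 'msFVE-RecoveryPassword', lastKnownParent, whenChanged |
    Where-Object { $_.lastKnownParent -like "*$compname*" }

$found | Sort-Object whenChanged -Descending | ForEach-Object {
    [pscustomobject]@{
        Parent           = $_.lastKnownParent
        LastChanged      = $_.whenChanged
        # Approximation: whenChanged is used as a stand-in for the deletion time.
        ExpiresAround    = if ($lifetimeDays) { $_.whenChanged.AddDays($lifetimeDays) } else { $null }
        RecoveryPassword = $_.'msFVE-RecoveryPassword'
    }
}
```

The output contains recovery passwords in clear text, so run it in a session that is not being transcribed to a shared location and pass on only the single password that was requested.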