We have admin groups that may need access to keys from laptops in our deleted group sometime in the future. We would prefer to just export out the key of every machine rather than maintain a server for an unknown amount of time. Ideally, the keys would be exported out as [machine name]_[machine id].sdb or something like that, and we can just secure those in an encrypted fileshare.
Is there any scripted means to export the key details from nearly 100k systems (size of the deleted group)?
This would be ahead of the planned product upgrade. The intent is to be able to unlock any of the older systems found in the deleted group in the event of any forensic or legal need. The encrypted systems are still physically present.