My Dell Inspiron laptop suddenly crashed yesterday. When I restarted it, it asked for the BitLocker recovery key, and below that it shows the 8 digits of the Key ID. I remember backing up my BitLocker recovery key to AD; how do I retrieve the BitLocker key from AD now?
Once Active Directory BitLocker management is enabled, you can manage your BitLocker keys in AD. Below are a few ways to view a BitLocker recovery key in Active Directory. Before you start, check that:
1. You have domain administrator privileges.
2. Backup of BitLocker recovery information to AD DS has been configured (through Group Policy).
3. The BitLocker-protected computers are joined to the domain.
Active Directory offers several BitLocker-related features. The BitLocker Recovery Password Viewer, included in Remote Server Administration Tools (RSAT), extends the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in.
Before looking up a BitLocker recovery key in Active Directory, make sure you have installed both BitLocker Recovery Password Viewer and BitLocker Drive Encryption Tools from the "Features" page of the Add Roles and Features Wizard.
To find BitLocker keys from the computer object, follow these steps:
Step 1 In Active Directory Users and Computers, click the "Computers" container.
Step 2 Right-click the computer object and choose "Properties".
Step 3 Click the "BitLocker Recovery" tab to view the list of all BitLocker recovery keys stored for that computer.
Note: After a PC joins the domain and BitLocker is enabled on the disks of a computer with a TPM chip, the recovery keys are uploaded to the domain controller automatically. However, for disks that were encrypted with BitLocker before the computer joined the domain or before the group policies were applied, the recovery keys must be uploaded to the domain manually.
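The manual upload the note refers to can be scripted. The following is an added example, not code from the original article: it backs up every existing recovery-password protector on the local volumes to AD DS with the BitLocker module's Backup-BitLockerKeyProtector cmdlet (the PowerShell equivalent of manage-bde -protectors -adbackup). The function name Backup-LocalRecoveryPasswordsToAD is chosen here; it assumes an elevated session on a domain-joined client where the "store recovery information in AD DS" policy has already been applied.

```powershell
# Added example (not from the original article): push every existing
# recovery-password protector on the local volumes to AD DS.
# Assumes: the BitLocker PowerShell module is available (Windows 8.1 /
# Server 2012 R2 and later), the session is elevated, and the AD DS backup
# policy is already applied on this domain member.
# The function name Backup-LocalRecoveryPasswordsToAD is chosen here.

function Backup-LocalRecoveryPasswordsToAD {
    [CmdletBinding()]
    param(
        # Volumes to process; defaults to every volume BitLocker knows about.
        [string[]]$MountPoint
    )

    $volumes = if ($MountPoint) {
        Get-BitLockerVolume -MountPoint $MountPoint
    } else {
        Get-BitLockerVolume
    }

    foreach ($vol in $volumes) {
        # Only the numerical (48-digit) recovery password is stored in AD DS;
        # TPM, PIN and startup-key protectors are never backed up.
        $recoveryProtectors = $vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

        if (-not $recoveryProtectors) {
            Write-Warning "$($vol.MountPoint) has no recovery-password protector; nothing to back up."
            continue
        }

        foreach ($protector in $recoveryProtectors) {
            # Backup-BitLockerKeyProtector creates an msFVE-RecoveryInformation
            # object under this computer's object in AD DS. It fails (and is
            # reported below) when the policy is missing or no DC is reachable.
            try {
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                                             -KeyProtectorId $protector.KeyProtectorId | Out-Null
                $ok = $true
                $err = $null
            } catch {
                $ok = $false
                $err = $_.Exception.Message
            }

            [pscustomobject]@{
                MountPoint     = $vol.MountPoint
                KeyProtectorId = $protector.KeyProtectorId
                BackedUpToAD   = $ok
                Error          = $err
            }
        }
    }
}

# Usage: run in an elevated PowerShell session on the domain-joined client.
Backup-LocalRecoveryPasswordsToAD -MountPoint 'C:'
```

Each row of the output names the protector ID that was written; the same ID (the Password ID) is what the BitLocker Recovery tab and the "Find BitLocker recovery password" dialog later show, so you can confirm the upload from the domain side straight away.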
To copy a recovery key out of the tab:
Step 1 In the "Properties" dialog, on the "BitLocker Recovery" tab, right-click the recovery key you want to copy and click "Copy Details".
Step 2 Press <Ctrl + V> to paste the copied text where you need it, for example into a text file.
To look the keys up with PowerShell instead:
Step 1 Right-click the Start (Windows logo) button, then select "Windows PowerShell (Admin)".
Step 2 Run the following three commands (they need the ActiveDirectory module that ships with RSAT):
# Locate the computer object whose recovery key you need
$objComputer = Get-ADComputer PCNAME
# Every backed-up recovery password is an msFVE-RecoveryInformation object stored directly under that computer object
$Bitlocker_Object = Get-ADObject -Filter {objectClass -eq 'msFVE-RecoveryInformation'} -SearchBase $objComputer.DistinguishedName -Properties 'msFVE-RecoveryPassword'
# Show each stored password next to the object name, which embeds the backup time and the Password ID
$Bitlocker_Object | Select-Object Name, 'msFVE-RecoveryPassword'
Note: Remember to replace the "PCNAME" with the computer name that relates to the BitLocker Recovery key.
To search the whole domain by Password ID instead:
Step 1 Right-click the domain and choose "Find BitLocker recovery password".
Step 2 In the dialog, enter the first 8 characters of the recovery password ID in "Password ID", then click "Search".
Step 3 The matching BitLocker recovery key stored in your AD is listed.
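The same search can be done from PowerShell, which is useful on a server without the Password Viewer installed. The following is an added example, not code from the original article: it queries AD DS for the msFVE-RecoveryInformation object whose name carries the 8-character Password ID shown on the recovery screen and reports which computer it belongs to together with the stored recovery password. The function name Find-BitLockerRecoveryPassword is chosen here; it assumes the ActiveDirectory module from RSAT and an account allowed to read msFVE-RecoveryPassword (domain administrators by default).

```powershell
# Added example (not from the original article): look up a recovery password
# by the first 8 characters of its Password ID, the same search the
# "Find BitLocker recovery password" dialog performs.
# Assumes: the ActiveDirectory module (RSAT) is installed and the caller may
# read msFVE-RecoveryPassword. Function name chosen here.

Import-Module ActiveDirectory

function Find-BitLockerRecoveryPassword {
    [CmdletBinding()]
    param(
        # First 8 hex characters of the Password ID, as printed on the recovery screen.
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$PasswordId
    )

    # Each backed-up recovery password is an msFVE-RecoveryInformation object
    # whose CN is "<backup timestamp>{<recovery GUID>}". The Password ID shown
    # on the recovery screen is the start of that GUID, so match the CN prefix.
    $ldapFilter = "(&(objectClass=msFVE-RecoveryInformation)(cn=*{$PasswordId-*))"

    $found = Get-ADObject -LDAPFilter $ldapFilter `
                          -Properties 'msFVE-RecoveryPassword', 'whenCreated'

    if (-not $found) {
        Write-Warning "No recovery password with ID starting $PasswordId is stored in AD DS."
        return
    }

    foreach ($obj in $found) {
        # The recovery object sits directly under its computer object, so the
        # parent DN (everything after the first comma) identifies the machine.
        $parentDn = ($obj.DistinguishedName -split ',', 2)[1]
        $computer = Get-ADObject -Identity $parentDn -Properties Name

        # Pull the full Password ID out of the object name for display.
        $fullId = if ($obj.Name -match '\{([0-9A-Fa-f-]{36})\}$') { $Matches[1].ToUpper() } else { $obj.Name }

        [pscustomobject]@{
            Computer         = $computer.Name
            PasswordId       = $fullId
            BackedUp         = $obj.whenCreated
            RecoveryPassword = $obj.'msFVE-RecoveryPassword'
        }
    }
}

# Usage: type the 8 characters shown under the Key ID on the recovery screen
# ("1A2B3C4D" below is a constructed placeholder, not a real ID).
Find-BitLockerRecoveryPassword -PasswordId '1A2B3C4D'
```

Because the filter is not restricted to one computer object, this also resolves the common case where the user cannot tell you which machine the screen belongs to; the Computer column answers that, and the timestamp shows which backup you are looking at when a volume has been re-keyed more than once.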
When the BitLocker recovery key is backed up to Azure AD, Azure Key Vault allows you to manage and securely store recovery keys for encrypted disks. Users can find their laptop's BitLocker recovery key in the "Profile" section after signing in to the Azure Active Directory website.
BitLocker recovery keys can be stored in Active Directory Domain Services (AD DS) if the device is already joined to the Active Directory domain.
Integrating BitLocker with Active Directory provides robust protection for data and simplifies BitLocker encryption management.
BitLocker is a disk encryption feature included with Windows that protects data by encrypting entire volumes. It also supports a hardware-based encryption mode, also known as OPAL encryption.
Enabling BitLocker on a virtual machine is similar to doing so on a physical computer, but you need to take the specifics of the virtualization environment into account.