Bitlocker Recovery Key via ADOn May 9, 2018 by TechTips
To view recovery passwords, you must be a domain administrator, or you must have been delegated permissions by a domain administrator. In addition, to use the BitLocker Recovery Password Viewer, the following requirements must be met:
- The domain must be configured to store BitLocker recovery information.
- The computers protected by BitLocker must be joined to the domain.
- BitLocker Drive Encryption must have been enabled on the computers.
Bitlocker Recovery Password viewer for Active Directory
Retrieving a BitLocker key from Active Directory involves using the BitLocker Recovery Password Viewer for Active Directory Users and Computers tool. This tool allows you to locate and view BitLocker recovery passwords, assuming that you have Domain Administrator privileges in the domain in which the password is stored and the passwords are archived in AD. You can obtain this tool from Microsoft’s website here:
The tool is not included with Windows Server 2008 or Windows Vista by default. So although you can archive BitLocker keys to AD, there isn’t any way to retrieve them unless you download and install this tool.
After you have installed it but before you actually run the tool on a DC for the first time, it is important that you run the command
The tool itself modifies Active Directory Users and Computers so that when you view a computer account’s properties, there will be a BitLocker Recovery Tab that lists BitLocker recovery passwords associated with the computer account.
The following procedures describe the most common tasks performed by using the BitLocker Recovery Password Viewer.
To view the recovery passwords for a computer
- In Active Directory Users and Computers, locate and then click the container in which the computer is located.
- Right-click the computer object, and then click Properties.
- In the Properties dialog box, click the BitLocker Recovery tab to view the BitLocker recovery passwords that are associated with the particular computer.
To copy the recovery passwords for a computer
- Follow the steps in the previous procedure to view the BitLocker recovery passwords.
- On the BitLocker Recovery tab of the Properties dialog box, right-click the BitLocker recovery password that you want to copy, and then click Copy Details.
- Press CTRL+V to paste the copied text to a destination location, such as a text file or spreadsheet.
To locate a recovery password
- In Active Directory Users and Computers, right-click the domain container, and then click Find BitLocker Recovery Password.
- In the Find BitLocker Recovery Password dialog box, type the first eight characters of the recovery password in the Password ID (first 8 characters) box, and then click Search.
- Adobe Acrobat
- BES Server
- Control Guard
- Data Recovery
- Document Template
- Email Template
- Enterprise Services
- Home Assistant
- Home Automation
- Log Off
- Mobile / 3G
- Multifunction Printers
- Objectives and KPI's
- Operating Systems
- Outlook 2007
- Outlook 2010
- PGP Encryption
- Port/Device Control
- Printers & Imaging
- RSA Security Console
- Social Media
- Support Apps
- Two-Step Verification
- Web and Internet
- XAMPP – Apache
address automatic complete Avaya Backup basic Blackberry Blackberry Enterprise Server CCNA cisco commands config configuration Desktop Support email Email Signature Email Template Error Exchange Facebook Factory Defaults feature file Fix How to KPI Laptop Microsoft Office Outlook 2007 Microsoft Outlook Outlook Outlook 2007 Outlook 2010 password security Phishing Phishing Scams router S.M.A.R.T Security start Startup/Shutdown Template Tips troubleshooting windows Windows 7 Windows XP