When using BitLocker on domain-joined machines, it is essential to escrow the recovery information in Active Directory. To do this, you need to enable the Group Policy setting called "Store BitLocker recovery information in Active Directory Domain Services". However, BitLocker sometimes fails to write the key to AD, for example because the machine could not reach a writable domain controller at the moment the volume was encrypted. This is a serious situation: if the machine later enters recovery mode (after a TPM or boot-configuration change, for instance), the drive stays locked and nobody has the recovery password. To avoid this, follow the instructions below to make sure that BitLocker saves your recovery keys to AD, and verify that the backup actually landed.
How to back up a BitLocker recovery key to AD
1. Make sure the Group Policy setting to save the key to AD is enabled
The setting lives under Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption. On current Windows versions the per-drive-type policies ("Choose how BitLocker-protected operating system drives can be recovered", and the equivalents for fixed and removable drives) also carry the option "Save BitLocker recovery information to AD DS", together with "Do not enable BitLocker until recovery information is stored to AD DS", which prevents the failure mode described above on new encryptions. Also make sure that the computer object sits in the OU the BitLocker GPO is linked to, and that the policy has actually applied (run gpupdate /force and check with gpresult /r if in doubt).
2. Get the ID for the numerical password protector
To do this, open an elevated Command Prompt, enter the following command and press Enter: manage-bde -protectors -get c: In the example above, the C: drive is used; replace C: with the letter of the drive you want to back up. The output lists every key protector on the volume. Find the "Numerical Password" entry: it shows the protector ID (a GUID in braces) and the 48-digit recovery password itself. Note that only this numerical password protector can be escrowed in AD; a TPM protector cannot. If the volume has no Numerical Password entry, add one first with manage-bde -protectors -add c: -recoverypassword and run the -get command again.
3. Back up the recovery information to AD
To push the recovery information to AD, enter this command in the same elevated Command Prompt: manage-bde -protectors -adbackup c: -id {…} Replace the dots in the braces with the ID of the Numerical Password protector that you obtained at step 2 (keep the braces). The command must run while the machine can reach a writable domain controller. If it succeeds, the recovery password appears as an msFVE-RecoveryInformation object beneath the computer account in Active Directory Users and Computers (on the computer's BitLocker Recovery tab, with the BitLocker Recovery Password Viewer feature installed). The result is also logged locally in the Microsoft-Windows-BitLocker/BitLocker Management event log (event ID 845 on success, 846 on failure), which is the quickest place to look when a backup silently fails. Keep in mind that anyone who can read msFVE-RecoveryPassword in AD can unlock the disk, so delegate read access to that attribute narrowly and audit it. We hope this helps. Also, if you found other solutions to enable BitLocker key saving to AD or fix BitLocker key backup issues, use the comments below to let us know.
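The three steps above, done in one pass for every encrypted volume on the machine, as an added PowerShell example that is not part of the original article. It uses the built-in BitLocker module (Get-BitLockerVolume, Add-BitLockerKeyProtector, Backup-BitLockerKeyProtector, the PowerShell equivalents of the manage-bde commands above) and the ActiveDirectory RSAT module to confirm that an msFVE-RecoveryInformation object with the matching msFVE-RecoveryGuid now exists under the computer account. It assumes an elevated PowerShell session on a domain-joined Windows 8/Server 2012 or later host with RSAT installed; the function names Backup-AllRecoveryPasswordsToAD and Get-BitLockerBackupEvents are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original article. Assumes a domain-joined
# host, the BitLocker module (built in) and the ActiveDirectory RSAT module.
Import-Module BitLocker
Import-Module ActiveDirectory

function Backup-AllRecoveryPasswordsToAD {
    # Recovery passwords are stored as msFVE-RecoveryInformation child objects
    # of the computer account, so that is where we verify afterwards.
    $computerDn = (Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName

    foreach ($vol in Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'On' }) {
        $mp = $vol.MountPoint

        # Step 2: only the numerical (recovery) password protector can be
        # escrowed. A TPM protector cannot, so add a recovery password if missing.
        $rp = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        if (-not $rp) {
            Write-Warning "$mp has no recovery password protector; adding one."
            $rp = (Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector).KeyProtector |
                  Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        }

        foreach ($p in $rp) {
            $id = $p.KeyProtectorId            # same GUID manage-bde -protectors -get shows
            $backedUp = $false
            try {
                # Step 3: equivalent of "manage-bde -protectors -adbackup <drive> -id {GUID}".
                # Throws if no writable DC is reachable or the GPO/schema is missing.
                Backup-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $id | Out-Null
                $backedUp = $true
            } catch {
                Write-Warning "Backup of $mp protector $id failed: $($_.Exception.Message)"
            }

            # Verify: msFVE-RecoveryGuid (an octet string in AD) must equal the
            # protector ID. Reading the GUID does not require rights to the password itself.
            $wanted = [guid]$id
            $adObj = Get-ADObject -SearchBase $computerDn -SearchScope OneLevel `
                        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                        -Properties msFVE-RecoveryGuid, whenCreated |
                     Where-Object {
                         $g = New-Object -TypeName System.Guid -ArgumentList (,[byte[]]$_.'msFVE-RecoveryGuid')
                         $g -eq $wanted
                     }

            [pscustomobject]@{
                MountPoint   = $mp
                ProtectorId  = $id
                BackupCalled = $backedUp
                FoundInAD    = [bool]$adObj
                ADObjectTime = if ($adObj) { $adObj.whenCreated } else { $null }
            }
        }
    }
}

function Get-BitLockerBackupEvents {
    # 845 = recovery information backed up to AD DS, 846 = backup failed.
    # This log is the first place to look when FoundInAD comes back False.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id      = @(845, 846)
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Usage: run both and inspect the table; any row with FoundInAD = False
# needs attention before the machine is handed to a user.
Backup-AllRecoveryPasswordsToAD | Format-Table -AutoSize
Get-BitLockerBackupEvents | Format-List
```

Two design choices worth noting. The verification deliberately compares msFVE-RecoveryGuid rather than reading msFVE-RecoveryPassword, so the script can be run by an operator who has not been delegated access to the passwords themselves. And the backup call is wrapped in try/catch per protector, because a single unreachable domain controller or a missing schema extension should be reported per volume rather than aborting the whole run.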