BitLocker Recovery Key backup to AD
We've started our OSD deployment of Windows 7 and BitLocker. When we deploy a machine using our SCCM task sequence, which includes turning on the TPM, taking ownership and then kicking off the BitLocker encryption, the key propagates into AD with no issues. However, if we just enable BitLocker using the wizard, the key is not showing up in AD. We have all the correct GPOs enforced, but I just can't figure out why they are not showing up. Is there a way to manually enter the information into AD? -Craig
May 31st, 2011 3:13pm

In order to view the BitLocker recovery information using ADUC, do this:

1. Make sure you are logged in with domain admin credentials.
2. Open ADUC.
3. In View, make sure "Advanced Features" and "Computers, Users, Groups as containers" are checked.

Now when you select the computer object in the left pane, on the right side you should see msFVE-RecoveryInformation. If you do not see this, that means the GPO was not applied to the client or the client machine is not in the correct OU. Use the script in my blog to escrow keys to AD: http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx

Hope it helps.
Manoj Sehgal
June 1st, 2011 2:11am
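The answer above points at a VBScript on the askcore blog for escrowing an already-enabled volume's recovery password. The PowerShell below is an added example written for this page, not the blog's script and not anything from the original thread; it uses the documented Win32_EncryptableVolume WMI class (GetKeyProtectors and BackupRecoveryInformationToActiveDirectory) to push the numerical-password protector of every protected volume into AD, and then queries the computer object's msFVE-RecoveryInformation children with DirectorySearcher so you can confirm the escrow without opening ADUC. It assumes the script runs elevated on the domain-joined client and that the "Store BitLocker recovery information in AD DS" policy Craig mentions is already applied; the function name Get-AdRecoveryInfo is mine.

```powershell
# Added example: escrow existing BitLocker recovery passwords to AD and verify.
# Assumptions: run elevated on the domain-joined client (Windows 7 / PowerShell 2.0 is enough),
# and the AD DS backup GPO is applied, otherwise the backup call returns a non-zero HRESULT.

$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$volumes = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume

foreach ($vol in $volumes) {
    # ProtectionStatus: 0 = off, 1 = on, 2 = unknown. Only escrow protected volumes.
    if ($vol.ProtectionStatus -ne 1) {
        Write-Host ("{0} protection is not on, skipping" -f $vol.DriveLetter)
        continue
    }

    # KeyProtectorType 3 = numerical password (the 48-digit recovery password).
    $protectors = $vol.GetKeyProtectors(3)
    if ($protectors.ReturnValue -ne 0 -or -not $protectors.VolumeKeyProtectorID) {
        Write-Warning ("{0} has no recovery password protector; add one first" -f $vol.DriveLetter)
        continue
    }

    foreach ($id in $protectors.VolumeKeyProtectorID) {
        # This is the same call the AD DS backup GPO triggers when BitLocker is turned on.
        $backup = $vol.BackupRecoveryInformationToActiveDirectory($id)
        if ($backup.ReturnValue -eq 0) {
            Write-Host ("{0} protector {1} backed up to AD" -f $vol.DriveLetter, $id)
        } else {
            # Common causes: GPO not applied, no connectivity to a writable DC, schema not extended.
            Write-Warning ("{0} protector {1} backup failed, HRESULT 0x{2:X8}" -f $vol.DriveLetter, $id, $backup.ReturnValue)
        }
    }
}

# Verification: list the msFVE-RecoveryInformation objects stored under this computer's AD object.
# Only the object names and recovery GUIDs are returned; the password attribute itself is left alone.
function Get-AdRecoveryInfo {
    param([string]$ComputerName = $env:COMPUTERNAME)

    $rootDse  = [ADSI]'LDAP://RootDSE'
    $domainDn = $rootDse.defaultNamingContext
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$domainDn"
    $searcher.Filter = "(&(objectClass=computer)(sAMAccountName=$ComputerName`$))"
    $computer = $searcher.FindOne()
    if (-not $computer) { throw "Computer account $ComputerName not found in $domainDn" }

    # The recovery objects are children of the computer object, so search one level below it.
    $searcher.SearchRoot  = $computer.GetDirectoryEntry()
    $searcher.SearchScope = 'OneLevel'
    $searcher.Filter = '(objectClass=msFVE-RecoveryInformation)'
    foreach ($entry in $searcher.FindAll()) {
        # msFVE-RecoveryGuid is stored as an octet string; rebuild the GUID to match manage-bde output.
        $guidBytes = $entry.Properties['msfve-recoveryguid'][0]
        New-Object PSObject -Property @{
            Name         = $entry.Properties['name'][0]
            RecoveryGuid = (New-Object System.Guid -ArgumentList (,$guidBytes)).ToString('B')
        }
    }
}

Get-AdRecoveryInfo | Format-Table -AutoSize
```

If the backup loop reports success but Get-AdRecoveryInfo returns nothing, the account running the query lacks read rights on the msFVE objects (they are hidden from ordinary users by default), or the computer object sits in an OU where the policy does not apply, which matches the OU check in the answer. Each escrowed password shows up as a separate child object whose name carries a timestamp and the protector GUID, so repeated runs create no duplicates for the same GUID but a newly added protector will appear as a new entry.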

