Delete computer account and archive BitLocker recovery key
Hi, We are in the process of cleaning out about 20K stale computer accounts from our domain. Some of these computer accounts have BitLocker recovery keys associated with them and we would like to archive those keys prior to deleting the computer accounts. Our thought is that it would be great to be able to port them into a SQL dbase or something so that they can be easily searchable should they be needed. I have heard that MSFT has a tool that will do this - is this tool available to the public? Or is there a similar tool that you could point me to? I've found some scripts online that will tell me if a computer account has a BitLocker recovery key associated with it, but not one that will actually extract the key and save it to a dbase. Thank you!
September 17th, 2010 2:50pm

I think you might need the User State Migration Tool, USMT 4.0. But this tool is for each individual account. So you're in a pickle there. You have to centralize it somehow. But I think the recovery keys are contained in certificates. So you might need to use the cipher tool. That is all off the top of my head. But I think if you have an encryption recovery agent installed on that domain then you can use that, instead of each individual key. I think what you're trying to do might be redundant. Check out the Win7 certs; they teach in more detail about this. The Computer Manual
September 17th, 2010 6:31pm

Hi, Thank you for your response. We have enabled a Data Recovery Agent for our domain, but that didn't happen until around April 20th of this year. The computer accounts we are removing are all much, much older than that. Granted, it is unlikely that a user will need to unlock an old HDD from a computer that is no longer being used, but since the chance exists we feel it will be important to archive the recovery keys. Either way, the USMT doesn't sound like the option we're looking for.
September 20th, 2010 5:05pm

Hi all, A coworker sent this to me: http://keyrecoverytool.codeplex.com/ It's the tool I was looking for! :-)
September 27th, 2010 12:49pm
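
For readers who want to script the archive step themselves, here is an added example. It is not from any poster in this thread and is not the linked tool. It reads the `msFVE-RecoveryInformation` child objects that Active Directory stores under each computer account and writes them to a CSV that can be bulk-loaded into SQL. The 365-day staleness threshold and the output path are assumptions.

```powershell
# Added example: export BitLocker recovery info for stale computer accounts
# before they are deleted. Needs the RSAT ActiveDirectory module and an account
# allowed to read msFVE-RecoveryInformation objects (restricted by default).
Import-Module ActiveDirectory

# Assumptions, not from the thread: staleness threshold and output location.
$StaleDays  = 365
$OutputPath = 'C:\Secure\bitlocker-archive.csv'   # hypothetical ACL-restricted folder

# msFVE-* GUID attributes are byte arrays; some may be absent on older objects.
function ConvertTo-GuidOrNull([byte[]]$Bytes) {
    if ($Bytes -and $Bytes.Length -eq 16) { [guid]$Bytes } else { $null }
}

$stale = Search-ADAccount -ComputersOnly -AccountInactive `
    -TimeSpan (New-TimeSpan -Days $StaleDays)

$rows = foreach ($computer in $stale) {
    # Recovery information lives in child objects directly under the computer.
    $keys = Get-ADObject -SearchBase $computer.DistinguishedName `
        -SearchScope OneLevel `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid',
                    'msFVE-VolumeGuid', 'whenCreated'

    foreach ($key in $keys) {
        [pscustomobject]@{
            ComputerName     = $computer.Name
            ComputerDN       = $computer.DistinguishedName
            LastLogonDate    = $computer.LastLogonDate
            KeyCreated       = $key.whenCreated
            RecoveryGuid     = ConvertTo-GuidOrNull $key.'msFVE-RecoveryGuid'
            VolumeGuid       = ConvertTo-GuidOrNull $key.'msFVE-VolumeGuid'
            RecoveryPassword = $key.'msFVE-RecoveryPassword'
        }
    }
}

# The CSV holds plaintext recovery passwords: keep it on encrypted,
# access-controlled storage and restrict who can read the resulting table.
$rows = @($rows)
$rows | Export-Csv -Path $OutputPath -NoTypeInformation -Encoding UTF8

# Reconcile before deleting anything: rows written must match rows collected.
$written = @(Import-Csv -Path $OutputPath).Count
"{0} stale computers, {1} recovery keys collected, {2} rows written" -f `
    @($stale).Count, $rows.Count, $written
```

Computer accounts that still have recovery-information child objects are not leaf objects, so `Remove-ADComputer` will refuse to delete them; `Remove-ADObject -Recursive` is needed, and only after the export has been reconciled.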
