Once we installed MBAM 2.0 some machines started to generate a new key in AD every time the MBAM checked onto the machine. In result we have multiple recovery keys stored in AD. When the machine is checked using:
manage-bde -protectors -get C:
The system returns only one key. Is there a way to determine the "active" key, that is stored in TPM without querying the machine using the command by, only using the available data in AD?
- Moved by Brian Desmond -MVP-MVP 18 hours 53 minutes ago