Put BitLocker Recovery key to Active Directory manually
Hello, I want to put the Recovery Key into Active Directory from a user's computer manually (not automatically). Can you help me with this? Thanks,
June 14th, 2011 5:04am

If anyone is interested in this, I found a solution. Copy the below text and then save it as a .vbs file.

    Option Explicit
    Dim strNumericalKeyID
    Dim strManageBDE, strManageBDE2
    Dim oShell
    Dim StrPath
    Dim StdOut, strCommand
    Dim Result, TPM, strLine
    Dim Flag, NumericalKeyID
    Set oShell = CreateObject("WSCript.Shell")
    '====================================================================================
    'This section looks for the Bitlocker Key Numerical ID
    strManageBDE = "Manage-BDE.exe -protectors -get c:" 'Bitlocker command to gather the ID
    Flag = False
    Set Result = oShell.Exec(strManageBDE) 'sees the results and places it in Result
    Set TPM = Result.StdOut 'Sets the variable TPM to the output of the strManageBDE command
    While Not TPM.AtEndOfStream
        strLine = TPM.ReadLine 'Sets strLine
        If InStr(strLine, "Numerical Password:") Then 'This section looks for the Numerical Password
            Flag = True
        End If
        If Flag = True Then
            If InStr(strLine, "ID:") Then 'This section looks for the ID
                NumericalKeyID = Trim(strLine) 'This section trims the empty spaces from the ID {} line
                NumericalKeyID = Right(NumericalKeyID, Len(NumericalKeyID)-4)
                Flag = False 'Stops the other lines from being collected
            End If
        End If
    Wend
    strManageBDE2 = "Manage-BDE.exe -protectors -adbackup C: -ID " & NumericalKeyID
    oShell.Run strManageBDE2, 0, True 'Runs the Manage-bde command to move the numerical ID to AD.

Open an elevated command prompt and execute the script from the command line, and it will back up the recovery password to AD.
June 14th, 2011 10:11am

Hi, Thanks for your update. I will mark your reply as "Answered". Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
June 16th, 2011 5:41am

Hi, Your method is looking good. Can you explain the complete method to me? Thanks.
November 16th, 2011 7:57am

The VB script isn't working for me, but if I run Manage-BDE.exe from the root of C: or from C:\Windows I get the error message "Manage-BDE.exe is not recognized as an internal or external command". I looked around and was unable to find Manage-BDE.exe on this user's workstation. Shouldn't it be there? Would he have had to have deleted the BitLocker files? His drive is supposed to be encrypted, but he's at a remote site so it's hard to tell.
May 16th, 2012 5:01pm

On my last post I finally got the script to work by copying Manage-BDE.exe to C:\Windows\System32 on the employee's computer. He said he double-clicked on the .vbs file made from the above script. I'm now trying to run the above VB script on another employee's computer. I verified Manage-BDE.exe is in C:\Windows\System32. I placed the file in a Downloads folder on the root of C:. I have navigated to the Downloads folder and now I'm trying to run: cscript.exe c:\downloads\bitlockerkey.vbs

I get the error:

    C:\Downloads>cscript BitLockerKey.vbs
    Microsoft (R) Windows Script Host Version 5.8
    Copyright (C) Microsoft Corporation. All rights reserved.

    C:\Downloads\BitLockerKey.vbs(22, 5) WshShell.Exec: The system cannot find the file specified.

What am I doing wrong? How do I get rid of the error "C:\Downloads\BitLockerKey.vbs(22, 5) WshShell.Exec: The system cannot find the file specified."?

Update: It looks like the issue may be because we are using Windows 7 64-bit, but I'm still working on figuring out how to resolve the issue.
May 23rd, 2012 5:37pm

That script comes from this TechNet Blog: http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx. It also has information on running the commands manually.
May 25th, 2012 3:45pm

I think your problem is that the script is expecting to find "Manage-BDE.exe" in the same location where the script is. Either put the script in the same location, "C:\Windows\System32", and run it from here, or change the code to tell the script where to find "Manage-BDE.exe":

    strManageBDE = "C:\Windows\System32\Manage-BDE.exe -protectors -get c:" 'Bitlocker command to gather the ID
May 26th, 2012 1:45am
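
A PowerShell version of the script posted above, as an added example that is not part of the thread or the linked TechNet blog. It tries the Sysnative alias before System32, on the assumption that the Windows 7 64-bit failure reported above comes from a 32-bit script host being redirected away from the real System32; it also backs up every numerical password protector and checks the exit code. The function names and the sample output are constructed for illustration.

```powershell
function Resolve-ManageBde {
    # A 32-bit host on 64-bit Windows has System32 redirected to SysWOW64; the
    # Sysnative alias reaches the real folder. 64-bit hosts fall through to System32.
    foreach ($dir in 'Sysnative', 'System32') {
        $path = Join-Path $env:windir "$dir\manage-bde.exe"
        if (Test-Path -LiteralPath $path) { return $path }
    }
    throw 'manage-bde.exe not found under the Windows directory.'
}

function Get-NumericalProtectorId {
    # Assumes English-locale output, as the VBScript above does.
    param([string[]]$Lines)
    $expectId = $false
    foreach ($line in $Lines) {
        $text = "$line".Trim()
        if ($text -eq 'Numerical Password:') { $expectId = $true; continue }
        if ($expectId -and $text -match '^ID:\s*(\{[0-9A-Fa-f-]{36}\})$') {
            $Matches[1]          # emit only the protector GUID, never the password
            $expectId = $false
        }
    }
}

function Backup-RecoveryPasswordToAD {
    param([string]$Drive = 'C:')
    $exe = Resolve-ManageBde
    $ids = @(Get-NumericalProtectorId (& $exe -protectors -get $Drive))
    if ($ids.Count -eq 0) { throw "No numerical password protector found on $Drive" }
    foreach ($id in $ids) {
        & $exe -protectors -adbackup $Drive -ID $id
        if ($LASTEXITCODE -ne 0) { throw "AD backup failed for protector $id" }
    }
}

# Constructed sample output (GUIDs and password are made up) for an offline dry run.
$sample = @'
All Key Protectors

    TPM:
      ID: {11111111-2222-3333-4444-555555555555}

    Numerical Password:
      ID: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}
      Password:
        000000-000000-000000-000000-000000-000000-000000-000000
'@ -split '\r?\n'
Get-NumericalProtectorId $sample   # dry run against the constructed sample
```

Backup-RecoveryPasswordToAD is defined but not called here; run it from an elevated prompt on a domain-joined machine.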

This topic is archived. No further replies will be accepted.
