Part 6 of 7 explains how to view the BitLocker Recovery Password in Active Directory, how to access TPM information and how to put BitLocker recovery information manually into Active Directory.

Kyle Beckman

Kyle Beckman works as a systems administrator in Atlanta, GA supporting Office 365 in higher education. He has 17+ years of systems administration experience.

Now that we’ve used BitLocker to encrypt an operating system drive, a fixed data drive, and a removable drive, we should have recovery information for all three drives in Active Directory.

View the BitLocker Recovery Password in AD

To view the information, first make sure that you’ve installed the BitLocker Recovery Password Viewer. Go into Active Directory Users & Computers and view the properties of your Computer object by double-clicking on it. Go to the BitLocker Recovery tab and you should now see the recovery keys for all of the drives encrypted on the system.

View BitLocker Recovery Key in Active Directory

View TPM owner information in Active Directory

If you chose to back up the TPM owner information in Active Directory, here’s how you can find it in AD. First, you’ll need to enable Advanced Features in Active Directory Users and Computers. You can do this by clicking on the View menu and clicking Advanced Features. If Advanced Features already has a check mark by it, it is enabled.

Active Directory Advanced Features

View the Computer object properties by double-clicking on the computer name. Go to the Attribute Editor and scroll down to msTPM-OwnerInformation.

View TPM Information

Put BitLocker recovery information into Active Directory manually

If you have computers with BitLocker-encrypted drives that were encrypted before Active Directory was configured to back up recovery information, you can still put that information into AD afterwards. On the system that has the BitLocker-encrypted drive, open a command prompt elevated with admin rights and run the command:

You should get something like this:

View BitLocker Backup Recovery Information on the command prompt

Notice that I’ve highlighted a section of the output. Take the ID number and run the following command:

Hopefully, you’ll see a success message:

Backup BitLocker Recovery information manually to Active Directory

In the event you need to do this for more than a handful of systems, there’s a great script on TechNet that will allow you to put this information into AD for Windows 7 systems.
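The same manual backup done in bulk, as an added example that is not part of the original article: it uses the BitLocker PowerShell module (Windows 8 / Server 2012 and later, not the Windows 7 command prompt the article targets), enumerates every protected volume, picks out the recovery password protectors (the numeric 48-digit type that AD stores) and calls Backup-BitLockerKeyProtector for each, reporting one result row per protector. The Status strings are my own labels.

```powershell
# Added example (not the article's code): back up every BitLocker recovery
# password on this machine to Active Directory with the BitLocker module.
# Run from an elevated PowerShell session on a domain-joined machine.
#Requires -RunAsAdministrator

Import-Module BitLocker

$results = foreach ($vol in Get-BitLockerVolume) {
    # Nothing to back up unless protection is actually turned on.
    if ($vol.ProtectionStatus -ne 'On') {
        [pscustomobject]@{ MountPoint = $vol.MountPoint; ProtectorId = $null
                           Status = 'Skipped: protection off' }
        continue
    }

    # A volume may carry several protectors (TPM, password, recovery password).
    # Only RecoveryPassword protectors are written to the computer object in AD.
    $recovery = $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $recovery) {
        [pscustomobject]@{ MountPoint = $vol.MountPoint; ProtectorId = $null
                           Status = 'Skipped: no recovery password protector' }
        continue
    }

    foreach ($kp in $recovery) {
        try {
            # Equivalent to the per-ID manual backup described in the article.
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
            $status = 'Backed up to AD'
        } catch {
            # Typical causes: machine not domain-joined, no DC reachable, or the
            # computer object cannot create its msFVE-RecoveryInformation children.
            $status = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{ MountPoint = $vol.MountPoint
                           ProtectorId = $kp.KeyProtectorId; Status = $status }
    }
}

$results | Format-Table -AutoSize
```

After it runs, confirm the result in Active Directory Users and Computers on the BitLocker Recovery tab as shown earlier; a "Backed up to AD" row with no matching entry there usually points at replication delay or at a different computer object than expected.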

4 Comments
  1. Annabel 7 years ago

    I have locked my pen drive from my Windows 7 laptop and it crashed not because of this ... another reason... the point is that the laptop is being repaired and I am using my old laptop which has Windows XP and I can't access the pen drive and I urgently need the info stored there... there is no option to put my password in at all... How can I access it now ...?? :-)))

  2. Kyle 7 years ago

    Annabel - You may want to re-read Part 5 of the series: https://4sysops.com/archives/set-up-active-directory-for-bitlocker-part-5-bitlocker-to-go/. There should be a utility on the drive that will allow you to read the files in XP. Sorry, you'll need Windows 7 to write to the drive.

  3. Annabel 7 years ago

    Dear Kyle,
    Thank you so much.... so simple and was right there under my nose... was looking into the wrong part.
    Thanks again

  4. ammar hasayen 5 years ago

    Nice... I have written a script to export recovery information
    http://ammarhasayen.wordpress.com/?s=bitlocker&submit=Search
© 4sysops 2006 - 2019