- Mon, Oct 12 2020 at 3:54 am #1558666
- Mon, Oct 12 2020 at 3:59 am #1558667
Enabling BitLocker has no impact on domain functionality. You can have DCs with BitLocker enabled in less secure locations and you can have DCs without BitLocker.
- Mon, Oct 12 2020 at 5:48 am #1558670
What I have mentioned is the feature name for Windows Server to enable the writing of Recovery Keys within the AD Computer Objects.
The customer needs to archive the recovery keys within AD.
- Mon, Oct 12 2020 at 6:35 am #1558674
OK, I understand your question differently. Nothing is required to be installed on the DC. BitLocker is integrated with AD. The only thing you need to do is to enable a GPO setting, more details here:
Then to view the passwords you need a Viewer, details here:
- Mon, Oct 12 2020 at 11:39 pm #1558693
Many thanks for your feedback, but what about the BitLocker Drive Encryption Feature?
Surfing the web I have read as follows:
“Starting from Windows Server 2008, these attributes are available by default, but still require an additional configuration for further functioning. In the schema version of Windows Server 2012 and newer, this feature works “out of the box”. The same is applicable to the computers running the newest Windows Server 2019 build.” (https://theitbros.com/config-active-directory-store-bitlocker-recovery-keys/)
Thanks a lot.
- Mon, Oct 12 2020 at 11:43 pm #1558694
You only need to install the feature if you want to encrypt that computer/server. It has nothing in common with AD at all.
As from what you shared, if you have AD forest level on Win 2012 or higher you don't need to do anything with AD.
As always – you should have a test environment (at least a VM on your PC) and try things there first.
- Wed, Oct 14 2020 at 8:24 am #1558746
- Mon, Oct 19 2020 at 2:30 am #1558783
If you have all DCs on 2012 R2 then you could simply raise the forest/domain level to Windows 2012. Please note this is an irreversible operation.
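
The thread's requirement that recovery keys be archived on the AD computer objects can be verified once the GPO setting is enabled. The PowerShell audit below is an added example, not part of the original posts; it assumes the RSAT ActiveDirectory module and uses a placeholder search base, `OU=Workstations,DC=example,DC=com`.

```powershell
# Added example: audit which computer objects have BitLocker recovery
# information stored in AD. It only counts the recovery objects and never
# reads the msFVE-RecoveryPassword attribute itself.
# Run with an account that is allowed to read the recovery objects.
Import-Module ActiveDirectory

# 1. Confirm the schema contains the BitLocker recovery object class.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$fveClass = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(lDAPDisplayName=msFVE-RecoveryInformation)'
if (-not $fveClass) {
    throw 'Schema has no msFVE-RecoveryInformation class; keys cannot be stored in AD.'
}

# 2. Recovery objects are children of the computer object, so search one
#    level below each computer and count what is there.
$searchBase = 'OU=Workstations,DC=example,DC=com'   # assumption: placeholder OU
$report = foreach ($computer in Get-ADComputer -Filter * -SearchBase $searchBase) {
    $query = @{
        SearchBase  = $computer.DistinguishedName
        SearchScope = 'OneLevel'
        LDAPFilter  = '(objectClass=msFVE-RecoveryInformation)'
        Properties  = 'whenCreated'
    }
    $keys = @(Get-ADObject @query)
    $newest = $keys | Sort-Object whenCreated -Descending | Select-Object -First 1
    [pscustomobject]@{
        Computer     = $computer.Name
        RecoveryKeys = $keys.Count
        NewestKey    = $newest.whenCreated   # empty when nothing is stored
    }
}

# 3. Show the full picture, then list machines with nothing archived.
$report | Sort-Object RecoveryKeys, Computer | Format-Table -AutoSize
$missing = $report | Where-Object { $_.RecoveryKeys -eq 0 }
if ($missing) {
    Write-Warning ("{0} computer(s) have no recovery key in AD:" -f @($missing).Count)
    $missing | Select-Object -ExpandProperty Computer
}
```

A computer listed with zero keys is either not encrypted or was encrypted before the GPO applied, so its key was never written to AD.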