BitLocker, How to recover BitLocker key using Active Directory Users and Computers

Overview

BitLocker is a Windows-specific disk encryption scheme. Keys can be stored and retrieved from Active Directory using a common program available on Windows systems.

Systems

Windows Computers

Intended Audience

University of Illinois IT Pros leveraging Active Directory to store BitLocker keys

General Information

This article describes the steps an IT Pro can take to recover a BitLocker key stored in Active Directory.

You will need

to be a member of your unit's BitLocker recovery admins group. This needs to be requested from the AD Group.
to be an OU admin (meaning you are listed in the OU admin group for the unit)
a Windows workstation with Active Directory Users & Computers installed (install directions, Microsoft's downloads).

Steps

Find the AD computer object representing the machine using Active Directory Users and Computers.
Right-click on the computer object, select Properties
Select the BitLocker Recovery tab
Identify the correct recovery password using the Password ID which should match the BitLocker prompt on the workstation.

Contact the EPS team

Keywords	ADUC encryption Windows "active directory users and computers" "active directory users & computers" BitLocker Suggest keywords	Doc ID	81568
Owner	EPS Distribution List .	Group	University of Illinois Technology Services
Created	2018-04-11 15:31 CDT	Updated	2022-04-11 15:09 CDT
Sites	University of Illinois Technology Services
Feedback	9 10 Comment Suggest a new document Subscribe to changes