BitLocker, How to recover BitLocker key using Active Directory Users and Computers


BitLocker is a Windows-specific disk encryption scheme. Keys can be stored in and retrieved from Active Directory using a common program available on Windows systems.

For a user's personal device that is not domain-joined, have the user log in to the Microsoft 365 Devices portal, select their device, then select 'View Bitlocker Keys'.


Windows Computers

Intended Audience

University of Illinois IT Pros leveraging Active Directory to store BitLocker keys

General Information

This article describes the steps an IT Pro can take to recover a BitLocker key stored in Active Directory.

You will need


  1. Find the AD computer object representing the machine using Active Directory Users and Computers.

  2. Right-click the computer object and select Properties.

  3. Select the BitLocker Recovery tab.

  4. Identify the correct recovery password using the Password ID, which should match the one shown in the BitLocker prompt on the workstation.
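
The same lookup can be scripted in PowerShell. This is an added example, not part of the original article; it assumes the RSAT ActiveDirectory module and an account delegated to read BitLocker recovery information. The function name, computer name and Password ID shown are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper (added example): returns the recovery password(s) stored
# under a computer object whose Password ID matches the one on the BitLocker prompt.
function Get-BitLockerRecoveryFromAD {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        # Full Password ID, or its leading characters, as read from the workstation
        [Parameter(Mandatory)] [string] $PasswordId
    )

    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Recovery entries are msFVE-RecoveryInformation objects beneath the computer object.
    $entries = Get-ADObject -SearchBase $computer.DistinguishedName `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
        -Properties 'msFVE-RecoveryPassword', whenCreated

    # Normalise operator input: drop braces and whitespace.
    $wanted = $PasswordId -replace '[{}\s]', ''

    $found = foreach ($entry in $entries) {
        # The object name ends with the Password ID in braces: <timestamp>{<GUID>}
        if ($entry.Name -match '\{(?<id>[0-9A-Fa-f-]{36})\}$') {
            $id = $Matches['id']
            if ($id.StartsWith($wanted, [StringComparison]::OrdinalIgnoreCase)) {
                [pscustomobject]@{
                    Computer         = $computer.Name
                    PasswordId       = $id.ToUpperInvariant()
                    Created          = $entry.whenCreated
                    RecoveryPassword = $entry.'msFVE-RecoveryPassword'
                }
            }
        }
    }

    if (-not $found) {
        # A machine can hold several entries; none matching usually means the wrong
        # computer object was chosen or this key was never stored in AD.
        throw "No recovery entry under '$($computer.Name)' matches Password ID '$wanted'."
    }
    $found | Sort-Object Created -Descending
}

# Constructed values for illustration only:
# Get-BitLockerRecoveryFromAD -ComputerName 'EXAMPLE-PC01' -PasswordId '1A2B3C4D'
```

Matching on the Password ID rather than taking the newest entry matters because a computer object can hold several recovery passwords, one per protector or re-encryption.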

Contact the EPS team

Keywords: ADUC encryption Windows "active directory users and computers" "active directory users & computers" BitLocker
Doc ID: 81568
Owner: Active D.
Group: University of Illinois Technology Services
Created: 2018-04-11 15:31:50
Updated: 2024-05-06 12:27:22
Sites: University of Illinois Technology Services