BitLocker, How to recover BitLocker key using Active Directory Users & Computers
This article describes the steps an IT Pro can take to recover a BitLocker key stored in Active Directory.
BitLocker is a Windows-specific disk encryption scheme. Keys can be stored and retrieved from Active Directory using a common program available on Windows systems.
You will need
- to be a member of your unit's BitLocker recovery admins group. This needs to be requested from the AD Group.
- to be an OU admin (meaning you are listed in the OU admin group for the unit)
- a Windows workstation with Active Directory Users & Computers installed (install directions, Microsoft's downloads).
- Find the AD computer object representing the machine using Active Directory Users and Computers.
- Right-click on the computer object, select Properties
- Click the Bitlocker Recovery tab
- Identify the correct recovery password using the Password ID which should match the Bitlocker prompt on the workstation.