BitLocker, How to recover BitLocker key using Active Directory Users & Computers
BitLocker is a Windows-specific disk encryption scheme. Keys can be stored in and retrieved from Active Directory using a common program available on Windows systems.
University of Illinois IT Pros leveraging Active Directory to store BitLocker keys
General Information
This article describes the steps an IT Pro can take to recover a BitLocker key stored in Active Directory.
You will need
- to be a member of your unit's BitLocker recovery admins group. This needs to be requested from the AD Group.
- to be an OU admin (meaning you are listed in the OU admin group for the unit)
- a Windows workstation with Active Directory Users & Computers installed (install directions, Microsoft's downloads).
1. Find the AD computer object representing the machine using Active Directory Users and Computers.
2. Right-click the computer object and select Properties.
3. Click the BitLocker Recovery tab.
4. Identify the correct recovery password using the Password ID, which should match the BitLocker prompt on the workstation.
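The same lookup can be scripted. The following PowerShell is an added example, not part of the original article: it reads the recovery entries stored beneath the computer object and returns the one whose Password ID matches the prompt. It assumes the RSAT ActiveDirectory module is installed and that you hold the group memberships listed above; the function name is hypothetical.

```powershell
# Added example (not from the original article).
# Assumes the RSAT ActiveDirectory module and the rights listed in "You will need".
Import-Module ActiveDirectory

function Get-BitLockerRecoveryByPasswordId {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        # Password ID from the recovery prompt (the first 8 characters are enough)
        [Parameter(Mandatory)] [ValidatePattern('^[0-9A-Fa-f-]{8,36}$')] [string] $PasswordId
    )

    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Recovery entries are child objects of the computer object.
    $entries = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties 'msFVE-RecoveryPassword', 'whenCreated'

    if (-not $entries) {
        throw "No recovery entries readable for $ComputerName (none stored, or access denied)."
    }

    # Each entry's Name embeds the Password ID as {GUID} after a timestamp.
    $found = foreach ($entry in $entries) {
        if ($entry.Name -match '\{([0-9A-Fa-f-]{36})\}') {
            $id = $Matches[1].ToUpper()
            if ($id.StartsWith($PasswordId.ToUpper())) {
                [pscustomobject]@{
                    Computer         = $computer.Name
                    PasswordId       = $id
                    Created          = $entry.whenCreated
                    RecoveryPassword = $entry.'msFVE-RecoveryPassword'
                }
            }
        }
    }

    if (-not $found) {
        # Password IDs are not secret; listing them helps spot a mistyped ID or the wrong machine.
        $known = ($entries.Name | ForEach-Object { ($_ -split '\{')[-1].TrimEnd('}') }) -join ', '
        throw "No entry matches Password ID '$PasswordId'. IDs stored for this computer: $known"
    }
    $found | Sort-Object Created -Descending
}

# Usage (placeholder values):
# Get-BitLockerRecoveryByPasswordId -ComputerName 'EXAMPLE-PC01' -PasswordId 'A1B2C3D4'
```

The returned RecoveryPassword is a secret: run this from an admin workstation and avoid capturing the output in transcripts or ticket notes.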