Finding Bitlocker Recovery Key In Active Directory
Depending on whether you have the computer name or just the Recovery ID, you can use the following methods.

Method 1: Using Active Directory Users and Computers (ADUC)

Open the computer object's properties and click the BitLocker Recovery tab. You will see a list of recovery passwords associated with that device.

Tip: Match the Recovery ID (the first 8 characters shown on the user's BitLocker recovery screen) with the ID listed in the tab to ensure you have the correct key.

Method 2: Searching by Password ID

```powershell
# Import AD module
Import-Module ActiveDirectory
```

Recommendations

| Action | Recommendation |
|--------|----------------|
| Restrict access | Limit to Helpdesk, IT Security, Domain Admins. Use AD delegation. |
| Auditing | Enable success/failure auditing on msFVE-RecoveryPassword read events. |
| Backup keys elsewhere | AD is not a backup. Export keys regularly with PowerShell. |
| After recovery | Rotate the protector: `manage-bde -protectors -add -recoverypassword c:` and delete the old key from AD. |
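The two lookups above (by computer name, or by the Recovery ID read from the recovery screen) carried out with the AD module, as an added example that is not part of the original page. It assumes the RSAT ActiveDirectory module is installed and that the caller has been delegated read access to msFVE-RecoveryPassword; the function name, the computer name and the Recovery ID in the usage lines are constructed.

```powershell
# Added example (not from the original page): find BitLocker recovery
# information in AD by computer name or by Recovery ID. Assumes the RSAT
# ActiveDirectory module is installed and the caller has delegated read
# access to msFVE-RecoveryPassword (otherwise that attribute comes back empty).
Import-Module ActiveDirectory

function Get-BitLockerRecoveryInfo {
    [CmdletBinding(DefaultParameterSetName = 'ByComputer')]
    param(
        [Parameter(Mandatory, ParameterSetName = 'ByComputer')]
        [string]$ComputerName,

        # First 8 characters of the Recovery ID; a longer prefix also works.
        [Parameter(Mandatory, ParameterSetName = 'ByRecoveryId')]
        [ValidatePattern('^[0-9A-Fa-f-]{8,36}$')]
        [string]$RecoveryId
    )

    # msFVE-RecoveryInformation objects are children of the computer object.
    # Their Name is "<backup timestamp>{<Recovery GUID>}", so the Recovery ID
    # prefix can be matched against Name with a wildcard.
    $props = 'msFVE-RecoveryPassword', 'whenCreated'
    if ($PSCmdlet.ParameterSetName -eq 'ByComputer') {
        $computer = Get-ADComputer -Identity $ComputerName
        $objects = Get-ADObject -SearchBase $computer.DistinguishedName `
            -Filter "objectClass -eq 'msFVE-RecoveryInformation'" -Properties $props
    } else {
        $pattern = "*{$RecoveryId*"
        $objects = Get-ADObject -Properties $props `
            -Filter "objectClass -eq 'msFVE-RecoveryInformation' -and Name -like '$pattern'"
    }

    foreach ($o in $objects) {
        # Take the owning computer from the parent DN rather than from user input.
        $parentDn = ($o.DistinguishedName -split '(?<!\\),', 2)[1]
        $fullId = if ($o.Name -match '\{([0-9A-Fa-f-]+)\}') { $Matches[1] } else { '' }
        [pscustomobject]@{
            Computer         = (Get-ADObject -Identity $parentDn).Name
            RecoveryId       = $fullId.ToUpper()
            RecoveryPassword = $o.'msFVE-RecoveryPassword'
            BackedUp         = $o.whenCreated
        }
    }
}

# Usage (constructed computer name and Recovery ID):
# Get-BitLockerRecoveryInfo -ComputerName 'WS-LAPTOP01'
# Get-BitLockerRecoveryInfo -RecoveryId '1A2B3C4D'
```

Compare the RecoveryId column against the full ID on the user's screen before reading out the password, since an 8-character prefix can in principle match more than one object.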