
Back Up BitLocker Recovery Key to AD

  1. Get the ID of the volume's numerical password protector. The example below uses the C: drive. Run the command from an elevated command prompt.
  2. Use the numerical password protector's ID from step 1 to back up the recovery information to AD.
    1. You should now be able to view the recovery information for the volume in Active Directory.
Microsoft Windows [Version 10.0.17763.55]
(c) 2018 Microsoft Corporation. All rights reserved.
 
C:\WINDOWS\system32>manage-bde -protectors -get c:
BitLocker Drive Encryption: Configuration Tool version 10.0.17763
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
 
Volume C: [Windows]
All Key Protectors
 
    TPM:
      ID: {D03DCFF6-61C1-4F29-8097-CDDE7F9DFA3D}
      PCR Validation Profile:
        7, 11
        (Uses Secure Boot for integrity validation)
 
    Numerical Password:
      ID: {BF09418F-4DF4-41EA-BC92-68655B933AAA}
      Password:
        254166-184503-131912-450604-420409-623161-522214-261327
 
 
C:\WINDOWS\system32>manage-bde -protectors -adbackup c: -id {BF09418F-4DF4-41EA-BC92-68655B933AAA}
BitLocker Drive Encryption: Configuration Tool version 10.0.17763
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
 
Recovery information was successfully backed up to Active Directory.
 
C:\WINDOWS\system32>
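
The same two steps for every BitLocker volume on a machine, as an added PowerShell example that is not part of the original page. It uses the BitLocker module cmdlets instead of manage-bde and never prints the recovery password; the final check assumes the RSAT ActiveDirectory module is installed and that the account can read the computer's recovery objects.

```powershell
#Requires -RunAsAdministrator
# Added example: back up every numerical (recovery) password protector to AD.
# Run on a domain-joined machine from an elevated PowerShell session.

$results = foreach ($vol in Get-BitLockerVolume) {
    # "RecoveryPassword" is what manage-bde lists as "Numerical Password".
    $protectors = @($vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')

    if ($protectors.Count -eq 0) {
        [pscustomobject]@{
            MountPoint  = $vol.MountPoint
            ProtectorId = $null
            Status      = 'No numerical password protector'
        }
        continue
    }

    foreach ($p in $protectors) {
        try {
            # Equivalent of: manage-bde -protectors -adbackup <drive> -id <ID>
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
            $status = 'Backed up to AD'
        } catch {
            $status = "FAILED: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            MountPoint  = $vol.MountPoint
            ProtectorId = $p.KeyProtectorId   # ID only, never the password
            Status      = $status
        }
    }
}
$results | Format-Table -AutoSize

# Optional check: recovery information is stored as msFVE-RecoveryInformation
# objects under the computer account; each object's name ends with the
# protector ID, so the password itself does not need to be read.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    $dn     = (Get-ADComputer $env:COMPUTERNAME).DistinguishedName
    $stored = Get-ADObject -SearchBase $dn `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'"
    foreach ($r in $results | Where-Object ProtectorId) {
        $found = [bool]($stored | Where-Object Name -like "*$($r.ProtectorId)*")
        '{0} {1} present in AD: {2}' -f $r.MountPoint, $r.ProtectorId, $found
    }
}
```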
  • Last modified: 2019/10/31 09:06