Store BitLocker Recovery Password in AD
Use the manage-bde command to store the BitLocker recovery key in Active Directory. There are GPOs to do this, but this is the quick and dirty way to make it happen.
The following commands must be run within an administrator console.
First, get the ID needed to store the recovery key:
manage-bde -protectors -get c:
Look for something similar to this:
Numerical Password:
ID: {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}
Password:
XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX
To store the recovery key in AD, copy the numerical password ID and paste it between the curly brackets of the -id flag:
manage-bde -protectors -adbackup c: -id '{}'
If successful, you will receive a message saying that the recovery information was successfully stored.
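The two steps above can be combined so the ID is never copied by hand and the 48-digit password is never printed to the console. This PowerShell script is an added example, not part of the original post; the $MountPoint parameter name and its default are assumptions, and it relies on manage-bde's -type filter to list only numerical password protectors.

```powershell
# Added example: back up every numerical-password protector on a volume to AD
# without copying the ID by hand. Run from an elevated PowerShell console.
param([string]$MountPoint = 'C:')   # assumed default; matches the post's c:

# manage-bde needs elevation; fail early with a clear message.
$principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an administrator console.'
}

# List only the numerical-password protectors. The output also contains the
# 48-digit recovery password, so keep it in a variable and never echo it.
$output = & manage-bde -protectors -get $MountPoint -type RecoveryPassword
if ($LASTEXITCODE -ne 0) {
    throw "manage-bde -get failed for $MountPoint (exit code $LASTEXITCODE)."
}

# Pull out the protector IDs by GUID shape, so this does not depend on the
# label text of a localized Windows install.
$guid = '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
$ids = @($output | Select-String -Pattern $guid -AllMatches |
    ForEach-Object { $_.Matches.Value } | Sort-Object -Unique)
if ($ids.Count -eq 0) {
    throw "No numerical password protector found on $MountPoint."
}

# Back up each protector and report per-ID success or failure.
foreach ($id in $ids) {
    & manage-bde -protectors -adbackup $MountPoint -id $id | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Backed up protector $id to AD."
    } else {
        Write-Warning "Backup of protector $id failed (exit code $LASTEXITCODE)."
    }
}
```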
This post is licensed under CC BY 4.0 by the author.