Cannot upload Bitlocker Keys to Active Directory

  • Question

  • I am testing the uploading of Bitlocker recovery keys for Windows 10 machines.

    The command I am using is manage-bde -protectors -adbackup c: -ID {xxxxx}. This works perfectly fine in our Windows 8.1 environment. The information appears in the Bitlocker Recovery tab inside the computer object.

    When I do the same command for Windows 10, there is no information inside the Bitlocker Recovery tab.  However if I dig further, I find that there are child objects which are uploaded with type "Unknown" which reference the Bitlocker Recovery ID.  I checked the comparable child objects for Windows 8.1 computers and the type for those is "msFVE-RecoveryInformation".

    I found this link which indicates a schema extension was required for Windows 8:

    https://technet.microsoft.com/en-us/library/jj635854.aspx


    Does this mean that a schema extension is required for Windows 10 and that is why the information does not get uploaded properly? I cannot find any schema released yet for Windows 10.

    Thursday, February 4, 2016 12:16 AM

Answers

All replies

  • Hi,

    Since the schema extension works on the server side, you'd better contact Server support for this.

    On my side, I have tested to save recovery key on AD DS via GP, and it works fine for Windows 10 computer.

    My environment: Server 2012 R2

    The GP I have configured:

    https://4sysops.com/archives/active-directory-and-bitlocker-part-3-group-policy-settings/

    Would you please check this?

    Here's further information about the command:

    https://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, February 5, 2016 11:18 AM
  • You skip any info about your server OS, or schema version or domain functional level... why? That is needed here.

    We run DCs on server 2008 and have no problem saving win10 BL recovery info to AD.

    Saturday, February 6, 2016 1:26 PM
  • Hi,

    Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
     
    I am proposing previous helpful replies as "Answered". Please feel free to try it and let me know the result. If the reply is helpful, please remember to mark it as an answer, which can benefit our Community members.


    Tuesday, February 16, 2016 8:03 AM
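
An added example, not part of any post in this thread: one way to collect the server-side details asked for above (schema version, functional levels), confirm that the msFVE-RecoveryInformation class and its attributes exist in the schema, and list the object class of each child object under a computer account. It assumes the RSAT ActiveDirectory PowerShell module; the computer name is a placeholder, and recovery passwords are deliberately not read.

```powershell
# Added example, not from the thread. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Placeholder: a Windows 10 computer whose key backup does not show in the tab.
$ComputerName = 'WIN10-TEST01'

$rootDse  = Get-ADRootDSE
$schemaNC = $rootDse.schemaNamingContext

# 1. Server-side facts: schema version and functional levels.
[pscustomobject]@{
    SchemaObjectVersion = (Get-ADObject $schemaNC -Properties objectVersion).objectVersion
    DomainMode          = (Get-ADDomain).DomainMode
    ForestMode          = (Get-ADForest).ForestMode
} | Format-List

# 2. Are the BitLocker recovery class and attributes present in the schema?
$schemaNames = 'msFVE-RecoveryInformation', 'msFVE-RecoveryGuid',
               'msFVE-RecoveryPassword', 'msFVE-VolumeGuid', 'msFVE-KeyPackage'
$schemaCheck = foreach ($name in $schemaNames) {
    $hit = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$name)"
    [pscustomobject]@{
        Name     = $name
        InSchema = [bool]$hit
        Kind     = $hit.ObjectClass   # classSchema or attributeSchema when found
    }
}
$schemaCheck | Format-Table -AutoSize

# 3. Child objects directly under the computer account, with their class.
#    Only names, classes and timestamps are requested; the secret
#    msFVE-RecoveryPassword attribute is never retrieved.
$computer = Get-ADComputer -Identity $ComputerName
Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
             -Filter * -Properties whenCreated |
    Select-Object Name, ObjectClass, whenCreated |
    Format-Table -AutoSize
```

Running step 3 against both a Windows 8.1 and a Windows 10 computer gives a side-by-side view of the child object classes described in the question.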