BitLocker recovery key not backed up to AD

  • Question

  • Hello guys, I have a serious issue here.

    My company has a domain with an Active Directory (AD) system that tracks users and their computers. We also deploy new laptops through SCCM OS deployment to company-owned laptops. We have MBAM (Microsoft BitLocker Administration) to enforce BitLocker encryption on all machines. All laptops' BitLocker recovery IDs and passwords are backed up to AD.

    Now here comes the problem. An employee needs to reformat/reinstall his laptop through SCCM OS deployment. He backed up all his important data to a second HDD in his laptop (deployment would wipe all HDDs in the laptop). That HDD is BitLocker-encrypted and is set to automatically unlock on that laptop upon startup. I took the HDD out and deployed the machine through SCCM. I tried to put that HDD into another laptop using a HDD reader, and the drive was locked by BitLocker. I was able to find the recovery ID in AD, so I thought, yeah, I'll just use this recovery key when I put it back into the employee's laptop. When the employee's laptop finished deploying and I put the HDD back, it showed a different recovery ID. I'm not able to find that recovery ID in Active Directory. The HDD is now locked dead with no way to find the recovery ID. What should I do? The user's lifelong work is inside that HDD.

    Saturday, January 13, 2018 8:30 AM

All replies

  • The change of the recovery key ID was also reported here:
    BitLocker Recovery Key ID Change After Backed Up To AD
    It seems you can try whether the key works regardless of whether the ID is different.

    "The user's lifelong work is inside that HDD." Something is wrong with your backup strategy.

    Saturday, January 13, 2018 12:34 PM
  • Tried that before, but it just said "volume is locked".
    Sunday, January 14, 2018 7:27 AM
  • Hi,

    We haven’t heard from you for a couple of days, have you solved the problem?  

    Best Regards,

    Tao


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 24, 2018 7:32 AM
    Moderator
  • Hi,

    I managed to get the recovery key back from the MBAM server. Somehow the recovery key was there on the MBAM server, but it was not updated to Active Directory.

    Thursday, January 25, 2018 7:13 AM
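The question and the final reply describe the same gap: the recovery ID a volume actually prompts with was not the one escrowed in AD. The following PowerShell script is an added example, not code from the thread or from Microsoft; it is a pre-reimage check an administrator can run on the machine that owns the drive, comparing each volume's recovery password protector IDs against the msFVE-RecoveryInformation objects stored under the computer object in AD and escrowing any that are missing. It assumes the BitLocker and ActiveDirectory PowerShell modules, an AD schema extended for BitLocker recovery information, and an elevated session; the cmdlets are real, the script logic is mine.

```powershell
# Added example: verify that every BitLocker recovery password protector on
# this machine is escrowed under its computer object in AD, and escrow any
# that are not, before a drive is pulled or the OS is reimaged.
# Assumptions: BitLocker + ActiveDirectory modules present, AD schema extended
# with the msFVE-* attributes, elevated session on a domain-joined machine.
# Recovery objects live under the computer that escrowed them, so when checking
# a drive moved from another laptop, pass that laptop's name as $ComputerName.
param(
    [string]$ComputerName = $env:COMPUTERNAME
)

Import-Module BitLocker
Import-Module ActiveDirectory

$computerDn = (Get-ADComputer -Identity $ComputerName).DistinguishedName

# Recovery GUIDs already stored under this computer object. msFVE-RecoveryGuid is
# an octet string, so convert it to a GUID before comparing.
$adGuids = Get-ADObject -SearchBase $computerDn -SearchScope OneLevel `
    -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
    -Properties 'msFVE-RecoveryGuid' |
    ForEach-Object { ([guid]::new([byte[]]$_.'msFVE-RecoveryGuid')).ToString() }

foreach ($vol in Get-BitLockerVolume) {
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $recovery) {
        # Auto-unlock or TPM-only volumes have nothing AD can hand back later.
        Write-Warning "$($vol.MountPoint): no recovery password protector, nothing to escrow"
        continue
    }
    foreach ($kp in $recovery) {
        # KeyProtectorId is formatted as "{GUID}"; normalise it for the comparison.
        $id = $kp.KeyProtectorId.Trim('{', '}').ToLower()
        if ($adGuids -contains $id) {
            Write-Host "$($vol.MountPoint): recovery ID $id is present in AD"
        } else {
            Write-Warning "$($vol.MountPoint): recovery ID $id NOT in AD, escrowing now"
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId
        }
    }
}
```

The ID this script reports for a volume is the one the recovery prompt will show; if it is not among the AD objects, the AD copy is stale and only the escrow step (or, as in the thread, MBAM's own database) will have the matching password.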