none
Bitlocker protectors support sending recovery key to AD RRS feed

  • Question

  • Hi all

    I would like to deploy bitlocker to our users by using GPO, and then the recovery key will be sent back to the active directory. So may I know this deployment can work with all the below bitlocker protectors?

    - TPM Only

    - TPM with Startup Key

    - TPM with PIN

    - TPM with Startup Key and PIN

    Best regards

    Alex Tsang


    • Edited by Alex 0107 Monday, March 4, 2019 4:01 PM rephase question
    Monday, March 4, 2019 2:20 PM

All replies

  • Please rephrase your question from scratch. It is perfectly unclear what you are trying to ask, sorry.

    All I can gather is that you have in mind to deploy BL with the listed types of protectors. Yes, no matter how you do it, it will be possible to backup the recovery keys to AD - or what are you trying to ask?

    Monday, March 4, 2019 3:22 PM
  • Hi Ronald

    Sorry for the poor presentation and I rephrased it. Yes this is what I want to ask all BL protectors can support sending the recovery key to Active Directory or not.

    Best regards

    Alex Tsang

    Monday, March 4, 2019 4:05 PM
  • It will work, yes.
    Monday, March 4, 2019 4:09 PM
  • Hi,

    Thanks for posting in Microsoft TechNet Forum.

    They should support sending the recovery key to Active Directory.

    To see the information that is being stored in AD, you need to install the BitLocker Recovery Password Viewer which is a component of Remote Server Administration Tools (RSAT). Once the Viewer has been added, you can now open the Active Directory Users and Computers MMC and open the Properties page of any computer account to see the BitLocker recovery tab. There you will see all of the Recovery ID's and Passwords that have been generated for all drives encrypted by that computer.

    For more information, please refer to the following link:

    https://www.concurrency.com/blog/w/enable-bitlocker,-automatically-save-keys-to-activ

    Note: This is a third-party link and we do not have any guarantees on this website. This is just for your convenience. And Microsoft does not make any guarantees about the content.

    Best regards,

    Hurry


    Please remember to mark the reply as an answer if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com



    • Edited by hurry yang Monday, March 4, 2019 6:12 PM
    • Proposed as answer by hurry yang Sunday, March 10, 2019 12:47 PM
    Monday, March 4, 2019 4:19 PM
  • Hi,
    How things are going there on this issue?
    Please let me know if you would like further assistance.

    Best regards,

    Hurry


    Please remember to mark the reply as an answer if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Wednesday, March 6, 2019 1:37 PM
  • Hi,

    Is there anything else I can do to help you on this issue?

    Please feel free to contact me if you have any questions.

    Best regards,

    Hurry


    Please remember to mark the reply as an answer if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Friday, March 8, 2019 1:56 PM