
Bitlocker keys not visible in Active Directory

Anez1987
Frequent Visitor

Hello,

We are enabling BitLocker in our environment. I had configured all policies related to BitLocker inside AD. For example, I configured BitLocker to not start until the recovery key is backed up to AD. This is the policy I want to ask about.

I want to ask something about this policy because I had an issue with it. It seems it is not working well, or I am missing some point in the configuration. Let me explain what I'm doing after this configuration:

- I start BitLocker encryption, and BitLocker encrypts the hard disk correctly. When encryption finishes, I can see the tab in AD called "Bitlocker Recovery", but when I open this tab to request the stored key I get an information message: "There is no elements on this view, To search a recovery key press right button on object domain ... etc ... ".

My question is: I know that BitLocker cannot start if the key is not backed up to AD, so BitLocker correctly performed the encryption and the key is backed up to AD. For some reason I cannot see the key; even domain admins cannot see it.

So, how can I see these keys in AD? Do I need something more, maybe a plugin? A feature?

I'm running Windows 10 1809 Professional and Active Directory v 10.0.171321.

Any help is really welcome. Thanks in advance.

Regards.

1 Reply

@Anez1987

Check "How to Find BitLocker Recovery Keys in Active Directory?" on https://theitbros.com/config-active-directory-store-bitlocker-recovery-keys/

Just before that you find a command with which you can manually verify that everything works:

manage-bde -protectors -adbackup e:
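
Added example, not part of the reply above: a PowerShell check that compares the recovery-password protectors on the volume with the msFVE-RecoveryInformation objects stored under the computer account, re-sends any that are missing, and shows whether the current account can read the stored password. It assumes an elevated session on the encrypted client, the RSAT ActiveDirectory module, and the E: drive from the reply; the function names are illustrative.

```powershell
# Added example (not from the thread). Run elevated on the encrypted client.
# Assumptions: RSAT ActiveDirectory module installed; E: is the volume from the reply.
Import-Module ActiveDirectory
$MountPoint = 'E:'

function Get-EscrowedRecoveryInfo {
    param([string]$ComputerDN)
    # BitLocker escrow is stored as msFVE-RecoveryInformation child objects
    # beneath the computer account; their names end in the protector GUID.
    Get-ADObject -SearchBase $ComputerDN -SearchScope OneLevel `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties whenCreated, 'msFVE-RecoveryPassword'
}

function Test-ProtectorEscrow {
    param([string]$MountPoint, [string]$ComputerDN)
    $protectors = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')
    $escrowed = @(Get-EscrowedRecoveryInfo -ComputerDN $ComputerDN)
    foreach ($p in $protectors) {
        $match = $escrowed | Where-Object { $_.Name -like "*$($p.KeyProtectorId)" } |
            Select-Object -First 1
        [pscustomobject]@{
            KeyProtectorId   = $p.KeyProtectorId
            InDirectory      = [bool]$match
            # False while InDirectory is True: the object exists, but the
            # password attribute was not returned to this account.
            PasswordReadable = [bool]($match.'msFVE-RecoveryPassword')
            WhenCreated      = $match.whenCreated
        }
    }
}

$dn = (Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName
$report = @(Test-ProtectorEscrow -MountPoint $MountPoint -ComputerDN $dn)

# Re-send any protector the directory does not hold, then check again.
foreach ($row in $report | Where-Object { -not $_.InDirectory }) {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $row.KeyProtectorId | Out-Null
}
Test-ProtectorEscrow -MountPoint $MountPoint -ComputerDN $dn | Format-Table -AutoSize
```

The script reports only whether the password attribute is readable and never prints the recovery password itself. A freshly escrowed protector may take a moment to appear if the query is answered by a different domain controller than the one the client wrote to.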