Microsoft Tech Community

BitLocker via SCCM: Keys disappeared from AD



Hope everyone is well.

I recently deployed a BitLocker policy via SCCM. BitLocker was previously deployed using an MBAM server. I configured the Group Policy to save keys in AD. For machines that had already had their drives encrypted, I deployed a script via SCCM to capture these and upload them to AD.


Keys began to upload and everything was looking great. I checked a few users, myself included, and those keys that were not there appeared after the script deployment.

I checked AD a week later and the keys are no longer present in AD.

The keys exist on the SCCM DB but they are encrypted so I can't use them.


Question 1: Is there any reason the keys would disappear from AD?


Question 2: Is there another way to view the recovery keys? Directly from SCCM for example?


0 Replies