How to save the recovery key in AD through MDT 2008

Posted on 2008-11-13
Last Modified: 2013-12-12
Bitlocker activation in the MDT 2008 task sequence works great! In the lite touch deployment you can check the box that will tell it to save the recovery key in AD. When the task sequence is complete and drive encryption is complete, for some reason the key is not getting stored in AD. Why isn't the lite touch deployment storing the key in AD for me? I have verified the laptop IS in the domain while the encryption is occurring. Any thoughts?
Even though I set the value in the customsettings.ini file, nothing is getting reflected in the Enable BitLocker wizard. Below are the values set in the INI file:

Question by: KC2TC

    Expert Comment

    I have had the problem as well when setting up key escrow for BitLocker.

    I'm not sure if it's the same problem, but for me it was because BitLocker requires that you extend the schema in the AD.

    I can't remember the exact steps I did, but this is the documentation which I followed

    Hope it helps you

    Expert Comment

    I found this useful as well

    There are some scripts which you need to run to extend the AD schema.

    And even then, I remembered that the scripts were written wrongly. I had to contact the BitLocker technical support team, send them the script and had them correct it for me.

    I hope times have changed....


    Accepted Solution

    After doing a little bit more searching, also keep in mind that if you are using Windows Server 2003, you'll need to install the Windows Server Administration Tools for SP1:

    - Kelvin
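The two things the accepted solution points at (the AD schema extension and whether escrow actually happened for a given machine) can both be checked from a domain-joined admin workstation. The following PowerShell is an added example, not code from the thread or from MDT; it assumes the ActiveDirectory module from RSAT is installed and that `LAPTOP01` is a placeholder for the computer name you want to inspect. It deliberately does not read the `msFVE-RecoveryPassword` attribute itself, only whether recovery objects exist.

```powershell
# Added example: verify the BitLocker AD schema extension and look for
# escrowed recovery information under a computer object.
# Assumes the ActiveDirectory (RSAT) module; computer name is a placeholder.
Import-Module ActiveDirectory

function Test-BitLockerSchema {
    # The schema extension adds the ms-FVE-RecoveryInformation class; its
    # lDAPDisplayName is msFVE-RecoveryInformation. If it is absent, clients
    # have nowhere to write the key and escrow silently fails.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $class = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter '(lDAPDisplayName=msFVE-RecoveryInformation)'
    return [bool]$class
}

function Get-EscrowedRecoveryInfo {
    param([Parameter(Mandatory = $true)][string]$ComputerName)
    # Recovery information objects are stored as direct children of the
    # computer object. Their name encodes the escrow time and recovery GUID;
    # the password itself lives in msFVE-RecoveryPassword and is not read here.
    $computer = Get-ADComputer -Identity $ComputerName
    Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=msFVE-RecoveryInformation)' `
        -Properties 'whenCreated' |
        Select-Object Name, whenCreated
}

# Usage (placeholder computer name):
if (-not (Test-BitLockerSchema)) {
    Write-Warning 'AD schema has no msFVE-RecoveryInformation class; extend the schema first.'
}
$escrowed = @(Get-EscrowedRecoveryInfo -ComputerName 'LAPTOP01')
if ($escrowed.Count -eq 0) {
    Write-Warning 'No recovery information escrowed for LAPTOP01.'
} else {
    $escrowed | Format-Table -AutoSize
}
```

If the schema check passes but a machine shows no children, the key was never written during the task sequence; on Windows 7 and later the client can push an existing recovery password protector to AD afterwards with `manage-bde -protectors -adbackup C: -id {protector-GUID}`, which is often easier than re-imaging. Reading the child objects requires the delegated permissions on the computer object's container, so run this as an account that can see them.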

    Expert Comment

    Did the information help you?
