KC2TC
asked on
How to save the recovery key in AD through MDT 2008
BitLocker activation in the MDT 2008 task sequence works great! In the lite touch deployment you can check the box that will tell it to save the recovery key in AD. When the task sequence is complete and drive encryption is complete, for some reason the key is not getting stored in AD. Why isn't the lite touch deployment storing the key in AD for me? I have verified the laptop IS in the domain while the encryption is occurring. Any thoughts?
Even though I set the values in the customsettings.ini file, nothing is getting reflected in the Enable BitLocker wizard. Below are the values set in the INI file:
SkipBitLocker=NO
BDEInstallSuppress=NO
BDEDriveLetter=Q:
BDEInstall=TPM
BDERecoveryKey=AD
BDEWaitForEncryption=TRUE
I found this useful as well
http://technet.microsoft.com/en-us/library/cc766015.aspx
There are some scripts which you need to run to extend the AD schema.
And even then, I remembered that the scripts were written wrongly. I had to contact the BitLocker technical support team, send them the script and have them correct it for me.
I hope times have changed....
-Kelvin
Did the information help you?
I'm not sure if it's the same problem, but for me it was because BitLocker requires that you extend the schema in the AD.
I can't remember the exact steps I did, but this is the documentation which I followed
http://www.microsoft.com/downloads/details.aspx?FamilyID=3a207915-dfc3-4579-90cd-86ac666f61d4&displaylang=en
Hope it helps you
-Kelvin
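The two conditions discussed in this thread (schema extended for BitLocker, and a recovery object actually stored under the laptop's computer account) can be checked from a domain-joined admin workstation. This is an added example, not code from the posts or from MDT; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the function name `Test-BitLockerAdBackup` and computer name `LAPTOP01` are hypothetical placeholders.

```powershell
# Added example (not from the original thread). Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-BitLockerAdBackup {
    param(
        # Name of the deployed laptop's computer account (placeholder value in the call below)
        [Parameter(Mandatory)] [string] $ComputerName
    )

    # 1. Schema check: the BitLocker extension defines the msFVE-RecoveryInformation class.
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    $class = Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter '(&(objectClass=classSchema)(lDAPDisplayName=msFVE-RecoveryInformation))'

    # 2. Backup check: recovery information is stored as child objects of the computer object.
    $computer = Get-ADComputer -Identity $ComputerName
    $keys = @()
    if ($class) {
        $keys = @(Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
            -LDAPFilter '(objectClass=msFVE-RecoveryInformation)' -Properties whenCreated)
    }

    # Report presence and timestamps only; the recovery password itself is never read or printed.
    [pscustomobject]@{
        Computer        = $computer.Name
        SchemaExtended  = [bool]$class
        RecoveryObjects = $keys.Count
        NewestBackup    = ($keys | Sort-Object whenCreated | Select-Object -Last 1).whenCreated
    }
}

Test-BitLockerAdBackup -ComputerName 'LAPTOP01'
```

`SchemaExtended = False` points at the schema issue Kelvin describes. Recovery objects are only visible to accounts with permission to read them, so run the check with an account that has that access before concluding that `RecoveryObjects = 0` means nothing was stored.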