WPincusIT

asked on

BitLocker and Active Directory

My firm’s computers upload BitLocker keys to Active Directory, but when I launch the AD Users and Computers MMC, how can I view them?
ASKER CERTIFIED SOLUTION
btan

This solution is only available to members.
BitLocker keys are not part of Active Directory. They are stored in the file system wherever you specified during the process.
btan

To clarify, you back up a key that is protected by recovery information instead, e.g. recovery information consists of the BitLocker recovery object named ms-FVE-RecoveryInformation.


ms-FVE-RecoveryPassword

This attribute contains the 48-digit recovery password used to recover a BitLocker-protected drive. Users enter this password to unlock a drive when BitLocker enters recovery mode.

ms-FVE-RecoveryGuid

This attribute contains the GUID associated with a BitLocker recovery password. When in BitLocker's operating system drive recovery mode and when attempting to recover a data drive from within the operating system, this GUID is displayed to the user so that the correct recovery password can be located to unlock the drive. This GUID is also included in the name of the recovery object.

ms-FVE-VolumeGuid

This attribute contains the GUID associated with a BitLocker-protected drive.

While the password (stored in ms-FVE-RecoveryGuid) is unique for each recovery password, this drive identifier is unique for each BitLocker-protected drive.

ms-FVE-KeyPackage

This attribute contains a drive's BitLocker encryption key secured by the corresponding recovery password.


http://blogs.technet.com/b/askcore/archive/2012/05/16/requirements-to-save-bitlocker-recovery-key-to-ad-using-mdt.aspx

http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx
Cris Hana - they are if you configure it to.

To view the tools you look in the "Bitlocker recovery" tab of the computer object.  To see that you need to install the "feature" as:

Remote Server Admin Tools (RSAT) \ Feature Admin Tools \ Bitlocker drive encryption admin

Steve
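
The same recovery objects can also be read from PowerShell instead of the "Bitlocker recovery" tab. This is an added example, not part of the thread: the function and parameter names and the computer name are hypothetical, and it uses the LDAP display names (msFVE-...) of the attributes written above as ms-FVE-....

```powershell
# Added example (not from the thread). Needs the RSAT ActiveDirectory module and an
# account that is allowed to read the recovery objects.
Import-Module ActiveDirectory

function Get-BitLockerRecoveryInfo {          # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        # Optional: leading characters of the password ID shown on the recovery screen
        [string] $PasswordIdPrefix
    )

    $computer = Get-ADComputer -Identity $ComputerName

    # Recovery objects are stored as children of the computer object.
    $found = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid', 'msFVE-VolumeGuid', 'whenCreated'

    $rows = foreach ($obj in $found) {
        # Without read rights the attributes come back empty; report that and move on.
        if (-not $obj.'msFVE-RecoveryGuid') {
            Write-Warning "Cannot read recovery attributes on '$($obj.Name)'"
            continue
        }
        # Both GUID attributes are stored as 16-byte values.
        $passwordId = (New-Object Guid (, [byte[]]$obj.'msFVE-RecoveryGuid')).ToString().ToUpper()
        $volumeId   = (New-Object Guid (, [byte[]]$obj.'msFVE-VolumeGuid')).ToString().ToUpper()
        [pscustomobject]@{
            Computer         = $computer.Name
            Created          = $obj.whenCreated
            PasswordId       = $passwordId
            VolumeId         = $volumeId
            RecoveryPassword = $obj.'msFVE-RecoveryPassword'
        }
    }

    # Narrow to the password ID the locked machine displays, if one was given.
    if ($PasswordIdPrefix) {
        $rows = $rows | Where-Object { $_.PasswordId.StartsWith($PasswordIdPrefix.ToUpper()) }
    }
    $rows | Sort-Object Created -Descending
}

# 'PC-EXAMPLE01' is a placeholder computer name.
Get-BitLockerRecoveryInfo -ComputerName 'PC-EXAMPLE01' | Format-List
```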
