Solved

Bitlockerand Active Directory

Posted on 2014-01-13
4
373 Views
Last Modified: 2014-02-13
My firm’s computers upload Bitlocker keys to Active Directory but when I launch the AD Users and Computers MMC how can I view them?
0
Comment
Question by:WPincusIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39778944
Pls see the vbs script in below
http://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx

Also available on the BitLocker Deployment Sample Resources
http://archive.msdn.microsoft.com/bdedeploy/Release/ProjectReleases.aspx?ReleaseId=3205

Alternatively there is a BitLocker Recovery Password Viewer for Active Directory that helps to locate BitLocker Drive Encryption recovery passwords for computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008 in Active Directory Domain Services (AD DS). This tool is now part of Remote Server Administration Tools (RSAT) for Windows 7.

See this on how to get it working
@ http://technet.microsoft.com/en-us/library/dd875531(v=ws.10).aspx

To locate a recovery password
1. In Active Directory Users and Computers, right-click the domain container, and then click Find BitLocker Recovery Password.
2. In the Find BitLocker Recovery Password dialog box, type the first eight characters of the recovery password in the Password ID (first 8 characters) box, and then click Search.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 39778946
Bitlocker keys are not part of active directory.  They are stored in the file systems wherever you specified during the process
0
 
LVL 63

Expert Comment

by:btan
ID: 39778956
To clarify, you backup key that is protected by recovery information instead e.g. Recovery information  consists of the BitLocker recovery object named ms-FVE-RecoveryInformation


ms-FVE-RecoveryPassword

This attribute contains the 48-digit recovery password used to recover a BitLocker-protected drive. Users enter this password to unlock a drive when BitLocker enters recovery mode.

ms-FVE-RecoveryGuid

This attribute contains the GUID associated with a BitLocker recovery password. When in BitLocker's operating system drive recovery mode and when attempting to recover a data drive from within the operating system, this GUID is displayed to the user so that the correct recovery password can be located to unlock the drive. This GUID is also included in the name of the recovery object.

ms-FVE-VolumeGuid

This attribute contains the GUID associated with a BitLocker-protected drive.

While the password (stored in ms-FVE-RecoveryGuid) is unique for each recovery password, this drive identifier is unique for each BitLocker-protected drive.

ms-FVE-KeyPackage

This attribute contains a drive's BitLocker encryption key secured by the corresponding recovery password.


http://blogs.technet.com/b/askcore/archive/2012/05/16/requirements-to-save-bitlocker-recovery-key-to-ad-using-mdt.aspx

http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx
0
 
LVL 43

Expert Comment

by:Steve Knight
ID: 39789923
Cris Hana - they are if you configure it to.

To view the tools you look in the "Bitlocker recovery" tab of the computer object.  To see that you need to install the "feature" as:

Remote Server Admin Tools (RSAT) \ Feature Admin Tools \ Bitlocker drive encryption admin

Steve

  BitLocker tabInstall Features
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question