
Bitlocker integration with AD

Exchange User
Hi Experts,

I am new to BitLocker and we are now in a pilot phase of encrypting all corporate devices using BitLocker integrated with AD for recovery information. Everything is working well, but there are a few PCs that already had BitLocker enabled, and when I move them to the OU where the GPO for AD integration is applied, the recovery password does not show up in the BitLocker Recovery tab in the PC's properties in AD.

Any idea how we can get that fixed? Do we have to disable BitLocker and then re-encrypt it?

CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
You don't have to re-encrypt. Just deploy a batch by means of an immediate scheduled task that you place in the group policy preference section.
It would go

rem List the recovery-password protector(s) on C:, take the GUID that follows "ID:", and escrow each one into AD
for /f "tokens=1,2" %%a in ('manage-bde -protectors -get C: -Type recoverypassword ^| findstr ID') do manage-bde -protectors -adbackup c: -id %%b

for the c: drive.
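The same escrow step, generalised to every protected volume on the machine rather than just C:, as an added example using the BitLocker PowerShell module (Windows 8 / Server 2012 and later); this is not the answerer's script. It assumes the "store BitLocker recovery information in AD DS" policy has already reached the computer, that it runs elevated (for instance as SYSTEM from the GPP immediate scheduled task), and that the log path is a placeholder you can change.

```powershell
# Added example: escrow existing BitLocker recovery passwords into AD for all
# protected volumes. Assumes the AD DS backup GPO is already applied and the
# script runs elevated. The log path below is an assumption, not a standard.
$logPath = 'C:\Windows\Temp\bitlocker-adbackup.log'

function Write-Log {
    param([string]$Message)
    $line = '{0:u} {1}' -f (Get-Date), $Message
    Add-Content -Path $logPath -Value $line
    Write-Output $line
}

# Only volumes whose protection is actually on have anything to escrow.
$volumes = Get-BitLockerVolume | Where-Object { $_.ProtectionStatus -eq 'On' }

if (-not $volumes) {
    Write-Log 'No BitLocker-protected volumes found; nothing to back up.'
    return
}

foreach ($vol in $volumes) {
    $mount = $vol.MountPoint
    $recoveryProtectors = $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

    if (-not $recoveryProtectors) {
        # Edge case: a volume protected only by TPM has no recovery password,
        # so there is nothing for AD to store. Add one, then escrow it.
        Write-Log "$mount has no recovery password protector; adding one."
        Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
        $recoveryProtectors = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    }

    foreach ($kp in $recoveryProtectors) {
        try {
            # Equivalent of "manage-bde -protectors -adbackup <drive> -id <guid>"
            Backup-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $kp.KeyProtectorId | Out-Null
            Write-Log "Backed up recovery password $($kp.KeyProtectorId) for $mount to AD."
        } catch {
            # Usual causes: GPO not yet applied, no domain controller reachable,
            # or the computer object cannot write msFVE-RecoveryInformation.
            Write-Log "FAILED to back up $($kp.KeyProtectorId) for $mount: $($_.Exception.Message)"
        }
    }
}
```

After it runs, confirm the result the same way the question describes: the GUID logged for each volume should appear on the computer object's BitLocker Recovery tab in Active Directory Users and Computers.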