Hey everyone! So, I have this device where BitLocker is enabled, but the recovery key isn't in Active Directory like it should be. I can't log into the device because it's asking for that recovery key. We've set up a Group Policy to save these recovery keys in AD, but it looks like something went wrong with this particular device and it never backed up the key. Any advice on how to resolve this? Thanks!
4 Answers
This problem usually crops up if BitLocker was enabled before the GPO kicked in or if the domain was unreachable when it turned on. I'd recommend routinely using the manage-bde command to back up the key protector to AD. And for the long run, consider using Intune or Entra for more streamlined management of your keys.
Yeah, I had something similar happen too. If you can't get the key back, it might be bricked. Just give the user a heads-up that if their important files weren't backed up, they're probably gone. I know someone who lost a crucial thesis because of this, so it's a big deal! They're just waiting for some miracle to recover their BitLocker data now.
If you're using a TPM and haven’t made any changes to the system, cold booting might help. However, if you've changed the BIOS or something else major, you could be out of luck. You can also check Azure AD or the user's Microsoft account for the key, but it might not be there unless you had set it up first. Make sure your GPO confirms that the key will back up before encryption because if BitLocker was turned on prior to applying the GPO, it wouldn’t have saved the key. You can manually back it up with some quick commands.
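The first and third answers both point at the same fix for the machines that are still bootable: check that the GPO actually requires AD backup, then escrow every recovery-password protector to AD yourself instead of trusting the next policy refresh. The script below is an added example written for this thread, not something posted by any of the answerers. It uses the built-in BitLocker PowerShell module (Get-BitLockerVolume, Backup-BitLockerKeyProtector, BackupToAAD-BitLockerKeyProtector) and, for the verification step, the ActiveDirectory RSAT module; it assumes an elevated session on a domain-joined machine with line of sight to a domain controller, and the registry value names it reads are the ones the "Choose how BitLocker-protected operating system drives can be recovered" policy writes under HKLM\SOFTWARE\Policies\Microsoft\FVE.

```powershell
#Requires -RunAsAdministrator
# Added example for this thread (not the original poster's or answerers' code).
# Assumes: elevated PowerShell, domain-joined host, BitLocker module present,
# ActiveDirectory module (RSAT) present for Test-RecoveryKeyInAD.

function Test-BitLockerAdBackupPolicy {
    # Reads the policy values behind "Choose how BitLocker-protected operating system
    # drives can be recovered". Both should be 1 for "save to AD and require it before
    # encryption"; if BitLocker was turned on before these were set, nothing was escrowed.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $p = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
    [pscustomobject]@{
        BackupToAD        = [bool]($p.OSActiveDirectoryBackup -eq 1)
        RequireBeforeEnc  = [bool]($p.OSRequireActiveDirectoryBackup -eq 1)
        PolicyKeyPresent  = [bool]$p
    }
}

function Backup-AllRecoveryProtectors {
    param(
        [switch]$AddIfMissing,   # create a recovery-password protector where none exists
        [switch]$AlsoToEntra     # additionally escrow to Entra ID (hybrid/Entra-joined only)
    )
    $results = @()
    foreach ($vol in Get-BitLockerVolume) {
        if ($vol.ProtectionStatus -ne 'On') { continue }   # nothing to escrow on unprotected volumes

        $rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        if (-not $rp -and $AddIfMissing) {
            # TPM-only volumes have no recovery password; AD can only store a numerical password.
            Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
            $rp = @((Get-BitLockerVolume -MountPoint $vol.MountPoint).KeyProtector |
                   Where-Object KeyProtectorType -eq 'RecoveryPassword')
        }
        if (-not $rp) {
            $results += [pscustomobject]@{ MountPoint = $vol.MountPoint; KeyProtectorId = $null; ADStatus = 'NoRecoveryPasswordProtector' }
            continue
        }

        foreach ($prot in $rp) {
            try {
                # Same operation as: manage-bde -protectors -adbackup <drive> -id <KeyProtectorId>
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $prot.KeyProtectorId -ErrorAction Stop | Out-Null
                $status = 'BackedUpToAD'
            } catch {
                $status = "Failed: $($_.Exception.Message)"   # typically: DC unreachable or schema/ACL problem
            }
            if ($AlsoToEntra) {
                try {
                    BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $prot.KeyProtectorId -ErrorAction Stop | Out-Null
                    $status += '+Entra'
                } catch { $status += " (Entra failed: $($_.Exception.Message))" }
            }
            $results += [pscustomobject]@{ MountPoint = $vol.MountPoint; KeyProtectorId = $prot.KeyProtectorId; ADStatus = $status }
        }
    }
    $results
}

function Test-RecoveryKeyInAD {
    # Confirms the escrow landed: BitLocker stores msFVE-RecoveryInformation child objects
    # under the computer account. Returns one row per stored password (without printing it).
    param([string]$ComputerName = $env:COMPUTERNAME)
    Import-Module ActiveDirectory -ErrorAction Stop
    $dn = (Get-ADComputer -Identity $ComputerName).DistinguishedName
    Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -SearchBase $dn -Properties whenCreated |
        Select-Object @{n='Computer';e={$ComputerName}}, Name, whenCreated
}

# Typical run on a machine that is still bootable:
Test-BitLockerAdBackupPolicy
Backup-AllRecoveryProtectors -AddIfMissing | Format-Table -AutoSize
Test-RecoveryKeyInAD | Format-Table -AutoSize
```

Run this across the fleet (or fold the backup call into a startup script) and any row other than BackedUpToAD is a machine that would be in the original poster's situation the next time the TPM measurements change. Test-RecoveryKeyInAD needs read access to the computer object's child objects; a delegated helpdesk account will usually see the object names but not the msFVE-RecoveryPassword attribute, which is the intended least-privilege split. For the device that is already stuck at the recovery prompt this cannot help, since nothing runs on it; the check in Test-RecoveryKeyInAD (run from any admin workstation with the computer name) is the quickest way to confirm whether AD really has nothing before the other answers' advice about Entra or a wipe applies.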
If your user logged into Teams or Outlook on that machine, there's a chance the recovery key might be stored in their Entra account. It's turned on by default, so you don’t need a hybrid setup for that. If not, you might have to wipe the machine since you don't have the recovery key anymore.