BitLocker Recovery Key Missing from Active Directory – Need Help!

Asked By TechWhiz89! On

Hey everyone! So, I have this device where BitLocker is enabled, but the recovery key isn't in Active Directory like it should be. I can't log into the device because it's asking for that recovery key. We've set up a Group Policy to save these recovery keys in AD, but it looks like something went wrong with this particular device and it never backed up the key. Any advice on how to resolve this? Thanks!

4 Answers

Answered By SafetyNetX On

This problem usually crops up if BitLocker was enabled before the GPO kicked in or if the domain was unreachable when it turned on. I'd recommend routinely using the manage-bde command to back up the key protector to AD. And for the long run, consider using Intune or Entra for more streamlined management of your keys.

Answered By LostThesis22 On

Yeah, I had something similar happen too. If you can't get the key back, it might be bricked. Just give the user a heads up that if their important files weren't backed up, they're probably gone. I know someone who lost a crucial thesis because of this, so it's a big deal! They’re just waiting for some miracle to recover their BitLocker data now.

Answered By DecryptItNow On

If you're using a TPM and haven’t made any changes to the system, cold booting might help. However, if you've changed the BIOS or something else major, you could be out of luck. You can also check Azure AD or the user's Microsoft account for the key, but it might not be there unless you had set it up first. Make sure your GPO confirms that the key will back up before encryption because if BitLocker was turned on prior to applying the GPO, it wouldn’t have saved the key. You can manually back it up with some quick commands.
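
SafetyNetX's manage-bde suggestion and DecryptItNow's "quick commands" both come down to routinely escrowing the numerical recovery password while the OS is still accessible. As an added example (not code from any poster in this thread), the following PowerShell script does that for every encrypted volume on a domain-joined machine and then checks AD DS for the result; the cmdlet names are real, while the script layout and the hypothetical `-AlsoToEntra` switch are assumptions of mine.

```powershell
#Requires -RunAsAdministrator
# Hypothetical helper script, not posted in the thread. Escrows every existing
# numerical-password protector on this machine to AD DS (optionally Entra ID too)
# and reports the outcome per volume, so a missed backup is caught before the
# device ever prompts for a key. Assumes a domain-joined client that can reach a
# DC and a GPO that allows "Store BitLocker recovery information in AD DS".
# Equivalent legacy command per protector: manage-bde -protectors -adbackup C: -id {GUID}
param(
    [switch]$AlsoToEntra   # also run BackupToAAD-BitLockerKeyProtector
)

$results = foreach ($vol in Get-BitLockerVolume) {
    # Only RecoveryPassword protectors can be escrowed; a TPM protector cannot.
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    if ($recovery.Count -eq 0) {
        [pscustomobject]@{
            Volume = $vol.MountPoint; ProtectorId = $null
            ADBackup = 'skipped: no RecoveryPassword protector'; EntraBackup = 'not attempted'
        }
        continue
    }
    foreach ($p in $recovery) {
        try {
            # Writes an msFVE-RecoveryInformation child object under the computer account.
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
            $ad = 'ok'
        } catch { $ad = "failed: $($_.Exception.Message)" }

        $entra = 'not attempted'
        if ($AlsoToEntra) {
            try {
                BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                    -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
                $entra = 'ok'
            } catch { $entra = "failed: $($_.Exception.Message)" }
        }
        [pscustomobject]@{
            Volume = $vol.MountPoint; ProtectorId = $p.KeyProtectorId
            ADBackup = $ad; EntraBackup = $entra
        }
    }
}
$results | Format-Table -AutoSize

# Verification (needs the RSAT ActiveDirectory module): escrowed protectors show
# up as msFVE-RecoveryInformation objects below the computer object. No object
# listed means AD holds no key for this machine, which is the situation in the question.
if (Get-Module -ListAvailable ActiveDirectory) {
    $dn = (Get-ADComputer -Filter "Name -eq '$env:COMPUTERNAME'").DistinguishedName
    Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -SearchBase $dn |
        Select-Object Name, DistinguishedName
}
```

A failed AD backup with an access-denied message usually means the computer object lacks write permission on its own msFVE-RecoveryInformation children, which the standard BitLocker schema extension grants.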

Answered By GadgetGuru42 On

If your user logged into Teams or Outlook on that machine, there's a chance the recovery key might be stored in their Entra account. It's turned on by default, so you don’t need a hybrid setup for that. If not, you might have to wipe the machine since you don't have the recovery key anymore.
