If you navigate to the computer object and the "BitLocker Recovery" tab is missing or empty, consider the following causes:
Retrieving a BitLocker recovery key from Active Directory is a standard administrative task for IT professionals managing domain-joined Windows devices. When BitLocker is configured via Group Policy to back up recovery information to AD DS, the 48-digit recovery password is saved as a child object of the computer's Active Directory object.

Prerequisites for Key Retrieval
Active Directory Users and Computers (Properties -> BitLocker Tab)
PowerShell Get-ADComputer (Requires RSAT-Feature-Tools-BitLocker)
Search ID: PowerShell Get-ADObject (Searches msFVE-RecoveryInformation)
Review the list of attached recovery keys. They are listed by date and Recovery Key ID.
PowerShell is powerful for bulk retrieval, auditing, or automation. The keys are stored in the msFVE-RecoveryInformation child objects of each computer.
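The lookup described above, by computer or by Recovery Key ID, as an added example that is not part of the original page. It assumes the ActiveDirectory RSAT module and read access to the recovery objects; the function name, `WS-EXAMPLE01` and `A1B2C3D4` are placeholders.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and read access
# to msFVE-RecoveryInformation objects. All names below are placeholders.
Import-Module ActiveDirectory

function Get-BitLockerRecoveryFromAD {
    [CmdletBinding(DefaultParameterSetName = 'ByComputer')]
    param(
        [Parameter(Mandatory, ParameterSetName = 'ByComputer')]
        [string]$ComputerName,

        # First 8 hex characters of the Recovery Key ID shown on the recovery screen.
        # The pattern also keeps arbitrary text out of the AD filter string.
        [Parameter(Mandatory, ParameterSetName = 'ByKeyId')]
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$KeyIdPrefix
    )

    $props = 'msFVE-RecoveryPassword', 'whenCreated'

    if ($PSCmdlet.ParameterSetName -eq 'ByComputer') {
        # Recovery objects are children of the computer object
        $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop
        $objects = Get-ADObject -SearchBase $computer.DistinguishedName `
            -Filter "objectClass -eq 'msFVE-RecoveryInformation'" -Properties $props
    }
    else {
        # Object names have the form <timestamp>{<Recovery Key ID GUID>}
        $filter = "objectClass -eq 'msFVE-RecoveryInformation' -and Name -like '*{$($KeyIdPrefix)-*'"
        $objects = Get-ADObject -Filter $filter -Properties $props
    }

    if (-not $objects) {
        Write-Warning 'No recovery information found in AD for this query.'
        return
    }

    # Newest key first; a computer can have several recovery objects
    $objects | Sort-Object whenCreated -Descending | ForEach-Object {
        [pscustomobject]@{
            ParentDN         = ($_.DistinguishedName -split ',', 2)[1]
            Created          = $_.whenCreated
            RecoveryKeyId    = ($_.Name -replace '^.*\{(.+)\}$', '$1')
            RecoveryPassword = $_.'msFVE-RecoveryPassword'
        }
    }
}

Get-BitLockerRecoveryFromAD -ComputerName 'WS-EXAMPLE01'
Get-BitLockerRecoveryFromAD -KeyIdPrefix 'A1B2C3D4'
```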
By default, ADUC does not show BitLocker keys. You must install the RSAT (Remote Server Administration Tools) feature called . Open Settings on your administrator workstation. Go to -> Remote Server Administration Tools -> Feature Administration Tools.
The organization must have configured Group Policies to back up BitLocker keys to AD.
If the computer was encrypted before the Group Policy forcing AD backup was applied, the key will only exist locally on the machine or in the user's personal cloud account.
If the computer was recently encrypted, the data might not have replicated across all domain controllers.