How to: Fix BitLocker Recovery Key not showing in Active Directory (AD)

If you have installed a new domain controller in an environment that uses AD to store BitLocker Recovery keys, you’ll notice that by default the Recovery Key tab is not present.

In this article I’ll show you how to add it.

AD - Computer Properties - No BitLocker Recovery tab

I’m assuming you have the GPOs in place for your client computers to store the BitLocker Recovery Key in AD in the first place.

Before being able to view the BitLocker Recovery keys in AD you need to install the BitLocker Password Recovery Viewer feature.

In Server Manager, select Manage.

Then select Add Roles and Features.

Click Next through the wizard until you get to Features.

Select Remote Server Administration Tools, expand Feature Administration Tools, expand BitLocker Drive Encryption Administration Utilities, and finally select BitLocker Recovery Password Viewer.

Server Manager - Add Roles and Features - Features - RSAT - Feature Administration - BitLocker Drive Encryption Administration Utilities - BitLocker Recovery Password Viewer

Click Next, then click Install.



Server Manager - Add Roles and Features - Features - RSAT - Feature Administration - BitLocker Drive Encryption Administration Utilities - BitLocker Recovery Password Viewer - Insall

Once complete, if you take a look at the Computer Properties dialogue box again, you’ll see the BitLocker Recovery tab.

AD - Computer Properties - BitLocker Recovery tab

 

If the end user doesn’t know the computer name, then you can still find the Recovery Password, right-click the domain and select Find BitLocker recovery password. Then type in the first 8 characters of the code.

ADUC - Find BitLocker recovery password

 

 Related Posts:

1. How to fix “Your Active Directory Domain Services schema isn’t configured to run BitLocker Drive Encryption.”

2. Active Directory Domain Naming Best Practices

3. How to reset the Directory Services Restore Mode (DSRM) password

4. Windows Server 2012 R2: How to create a UPN Suffix




Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.