If you have installed a new domain controller in an environment that uses AD to store BitLocker Recovery keys, you’ll notice that by default the BitLocker Recovery tab is not present in the Computer Properties dialogue box.
In this article I’ll show you how to add it.
I’m assuming you have the GPOs in place for your client computers to store the BitLocker Recovery Key in AD in the first place.
Before you can view the BitLocker Recovery keys in AD, you need to install the BitLocker Recovery Password Viewer feature.
In Server Manager, select Manage.
Then select Add Roles and Features.
Click Next through the wizard until you get to Features.
Select Remote Server Administration Tools, expand Feature Administration Tools, expand BitLocker Drive Encryption Administration Utilities, and finally select BitLocker Recovery Password Viewer.
Click Next, then click Install.
Once complete, if you take a look at the Computer Properties dialogue box again, you’ll see the BitLocker Recovery tab.
If the end user doesn’t know the computer name, you can still find the Recovery Password: right-click the domain and select Find BitLocker recovery password, then type in the first 8 characters of the code.
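The same two tasks from PowerShell, as an added example that is not part of the original article: it installs the viewer feature and looks up a recovery password by the first 8 characters of the code. The function name `Find-BitLockerRecoveryByPasswordId` and the sample prefix are assumptions, and it assumes the ActiveDirectory module is present and the account is allowed to read `msFVE-RecoveryPassword`.

```powershell
#Requires -RunAsAdministrator
Import-Module ActiveDirectory -ErrorAction Stop

# Install the BitLocker Recovery Password Viewer if it is not already present
# (the same feature selected in the Add Roles and Features wizard).
$featureName = 'RSAT-Feature-Tools-BitLocker-BdeAducExt'
if (-not (Get-WindowsFeature -Name $featureName).Installed) {
    Install-WindowsFeature -Name $featureName | Out-Null
}

# Hypothetical helper: find recovery information by the first 8 characters
# of the code, without knowing the computer name.
function Find-BitLockerRecoveryByPasswordId {
    [CmdletBinding()]
    param(
        # Only 8 hex characters are accepted, so nothing else can reach the filter.
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$IdPrefix
    )

    # Recovery objects are children of the computer object and are named
    # "<timestamp>{<ID GUID>}", so the prefix follows the opening brace.
    $filter = "objectClass -eq 'msFVE-RecoveryInformation' -and Name -like '*{$($IdPrefix)-*'"

    Get-ADObject -Filter $filter `
                 -SearchBase (Get-ADDomain).DistinguishedName `
                 -Properties 'msFVE-RecoveryPassword', whenCreated |
        ForEach-Object {
            [pscustomobject]@{
                # Parent DN = the computer the key belongs to
                ComputerDN       = ($_.DistinguishedName -split ',', 2)[1]
                RecoveryObject   = $_.Name
                Created          = $_.whenCreated
                RecoveryPassword = $_.'msFVE-RecoveryPassword'
            }
        }
}

# Constructed sample prefix, not a real ID:
# Find-BitLockerRecoveryByPasswordId -IdPrefix '1A2B3C4D'
```

If `RecoveryPassword` comes back empty for an object that exists, the account can see the object but has not been granted read access to the confidential `msFVE-RecoveryPassword` attribute.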