So I needed to find a way to get the key into Active Directory manually after BitLocker was enabled, and most of my Google searches were of no help.
This is what I have come up with:
Start with a cmd prompt (run as an administrator).
Enter the following command: manage-bde -protectors -adbackup C: -id {recoveryGUID}
You might be asking yourself: what is the recoveryGUID?
The volume GUID can be found by doing the following:
- Right-click the volume (e.g. the C: drive) that is BitLocker-encrypted and choose Manage BitLocker
- Choose "Save or print recovery key again"
- Choose "Save to file"
- We are looking for the "Full recovery key identification". That is the GUID of the volume that you selected and is also the "id" used with the manage-bde command above. Make sure you include the curly brackets with the ID.
That should be it. Double-check in AD to make sure that the recovery key information has been populated in the computer object.
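The same steps scripted in PowerShell, as an added example that is not part of the original post: it reads the ID from the volume instead of the saved key file, backs it up, and checks the computer object in AD. It assumes an elevated session on a domain-joined machine with the BitLocker cmdlets available; the check at the end also assumes the RSAT ActiveDirectory module and read access to the recovery objects, and `$MountPoint` is a parameter name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: escrow every recovery-password protector of a volume to AD.
param(
    [string]$MountPoint = 'C:'   # assumption: the BitLocker-protected volume
)

$volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

# Only recovery passwords (the 48-digit key) are backed up to AD;
# TPM and external-key protectors are skipped.
$recovery = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

if ($recovery.Count -eq 0) {
    throw "No recovery password protector on $MountPoint; nothing to back up."
}

foreach ($protector in $recovery) {
    # KeyProtectorId is the braced ID that manage-bde takes after -id.
    # The recovery password itself is never written to the console.
    Write-Host "Backing up protector $($protector.KeyProtectorId)"
    Backup-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
}

# Verification: recovery data is stored as msFVE-RecoveryInformation child
# objects of the computer object, named "<timestamp>{<protector ID>}".
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $computer = Get-ADComputer -Identity $env:COMPUTERNAME
    $escrowed = @(Get-ADObject -SearchBase $computer.DistinguishedName `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"')

    foreach ($protector in $recovery) {
        $id = $protector.KeyProtectorId
        if ($escrowed | Where-Object { $_.Name -like "*$id*" }) {
            Write-Host "Found in AD: $id"
        } else {
            Write-Warning "Not found in AD yet: $id"
        }
    }
} else {
    Write-Warning 'ActiveDirectory module not installed; check the computer object manually.'
}
```

When typing the manage-bde command directly into PowerShell rather than cmd, put the braced ID in quotes, because PowerShell otherwise parses `{...}` as a script block.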