Looking for some feedback on how to set up BitLocker in a GPO so that I can reset or relay a forgotten PIN from AD to a client without touching their workstation.
This one may help.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/bitlocker-recovery-password-viewer-tool
--please don't forget to Accept as answer if the reply is helpful--
Yes, saving BitLocker recovery keys in Active Directory is a common way for system admins to manage BitLocker recovery keys or other information when users forget them.
The following types of information are stored in AD DS:
Hash of the TPM owner password
BitLocker recovery password
BitLocker key package
https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq#what-type-of-information-is-stored-in-ad-ds
Please refer to this guide to configure the GPO:
Store and Retrieve BitLocker Recovery Keys from Active Directory
https://4sysops.com/archives/store-and-retrieve-bitlocker-recovery-keys-from-active-directory/
Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
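
The lookup that the answers above point to, as an added example that is not from the thread or the linked guides: one function escrows a client's existing recovery password to AD DS, the other reads it back from the computer account for a helpdesk call. The function names are hypothetical; it assumes the RSAT ActiveDirectory module on the admin machine, the BitLocker module on the client, the GPO already allowing AD DS backup, and an account delegated to read `msFVE-RecoveryInformation` objects.

```powershell
# Added example (hypothetical function names), not code from the thread.

# Client side, elevated: escrow every existing recovery password protector to AD DS.
function Backup-RecoveryPasswordToAD {
    param([string]$MountPoint = $env:SystemDrive)
    $volume = Get-BitLockerVolume -MountPoint $MountPoint
    $volume.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        ForEach-Object {
            Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId
        }
}

# Admin side: read the escrowed recovery password(s) for one computer.
function Get-EscrowedBitLockerRecovery {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        # Optional: leading characters of the recovery key ID the user reads from the recovery screen.
        [string]$KeyIdPrefix = ''
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Recovery information is stored as child objects of the computer account.
    $records = Get-ADObject -SearchBase $computer.DistinguishedName `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid', 'whenCreated'

    if (-not $records) {
        Write-Warning "No recovery information found in AD DS for $ComputerName."
        return
    }

    $records | ForEach-Object {
        [pscustomobject]@{
            Computer         = $computer.Name
            # The GUID is stored as bytes; convert it to the form shown on the client.
            KeyProtectorId   = [guid]::new([byte[]]$_.'msFVE-RecoveryGuid').ToString().ToUpper()
            Created          = $_.whenCreated
            RecoveryPassword = $_.'msFVE-RecoveryPassword'
        }
    } |
        # Match on the key ID so the password for the right protector is relayed.
        Where-Object { $_.KeyProtectorId -like "$($KeyIdPrefix.ToUpper())*" } |
        Sort-Object Created -Descending
}
```

Matching on the key ID matters when a machine has several escrowed entries, since only the password for the protector currently on the drive will unlock it.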