When running a PowerShell script to backup Bitlocker keys to Azure AD on machines with Bitlocker already enabled, I get this error:
```
BackupToAAD-BitLockerKeyProtector : Exception from HRESULT: 0x801C0450
At line:1 char:1
+ BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyPr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,BackupToAAD-BitLockerKeyProtector
```
I am able to get it to work only by signing into the machine as a domain admin, then connecting the user account under "Access work or school". I was able to get the script to work on my own machine, but I am a local admin. I have tried testing with the user as a local admin, but the only way for the script to put the recovery key in Azure AD is to log in as a domain admin and connect the user account in "Access work or school".
Script is:
```powershell
# Find the RecoveryPassword protector on the OS drive and escrow it to Azure AD
$volume = Get-BitLockerVolume -MountPoint $env:SystemDrive
$recoveryProtector = $volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq "RecoveryPassword" }
BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $recoveryProtector.KeyProtectorId
```
Is there an easier/better way to accomplish this?
Just posted this and it was removed for "violating community guidelines"
If this violates community guidelines please advise, this is a legitimate question.
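As an added example (not the poster's script, and not Microsoft's reference code), here is a more defensive version of the same escrow procedure: it checks the device's Azure AD join state before trying, creates a RecoveryPassword protector if the volume has none, escrows every such protector, and catches the COMException so a failure is logged with its HRESULT instead of aborting the run. The parsing of `dsregcmd /status` output and the exit-code convention are assumptions of this example.

```powershell
# Added example: escrow the BitLocker recovery password of the OS drive to Azure AD.
# Assumptions: the BitLocker PowerShell module is present, the script runs elevated,
# and "dsregcmd /status" reports the join state as a line "AzureAdJoined : YES".

$mountPoint = $env:SystemDrive

# 1. Confirm the device is Azure AD joined (or hybrid joined); otherwise the
#    backup cannot succeed and it is clearer to stop with an explicit message.
$dsreg = & dsregcmd /status
$aadJoined = ($dsreg | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*YES' -Quiet)
if (-not $aadJoined) {
    Write-Warning "Device is not Azure AD joined (dsregcmd AzureAdJoined != YES); recovery key cannot be escrowed."
    exit 1
}

# 2. Get the volume and make sure protection is on before looking for protectors.
$volume = Get-BitLockerVolume -MountPoint $mountPoint
if ($volume.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection is not on for $mountPoint; nothing to escrow."
    exit 1
}

$recoveryProtectors = @($volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($recoveryProtectors.Count -eq 0) {
    # No numeric recovery password exists yet; add one so there is something to escrow.
    Add-BitLockerKeyProtector -MountPoint $mountPoint -RecoveryPasswordProtector | Out-Null
    $volume = Get-BitLockerVolume -MountPoint $mountPoint
    $recoveryProtectors = @($volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
}

# 3. Escrow every RecoveryPassword protector, logging success or the HRESULT on failure.
#    -ErrorAction Stop turns the cmdlet's Write-Error into a terminating error we can catch.
$failed = 0
foreach ($protector in $recoveryProtectors) {
    try {
        BackupToAAD-BitLockerKeyProtector -MountPoint $mountPoint -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop
        Write-Output "Escrowed protector $($protector.KeyProtectorId) for $mountPoint to Azure AD."
    }
    catch {
        $failed++
        # COMException carries the HRESULT; print it in hex so it can be matched against logs and docs.
        $hresult = if ($_.Exception.HResult) { '0x{0:X8}' -f $_.Exception.HResult } else { 'n/a' }
        Write-Warning "Backup of protector $($protector.KeyProtectorId) failed: $($_.Exception.Message) (HRESULT $hresult)"
    }
}

# Non-zero exit code = at least one protector was not escrowed (useful when run from a deployment tool).
exit $failed
```

Run it elevated in the same context the deployment tool will use; the join-state check and the logged HRESULT make it easier to tell a device-registration problem apart from a missing recovery protector, which the original one-liner conflates into a single COMException.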