Bitlocker Recovery Key not present in AD for some users

Valyu Valev 1 Reputation point
2021-05-26T09:42:37.09+00:00

Hello,

I have a weird situation where the same BitLocker group policy is applied to all users, BitLocker is enabled on each PC but I have recovery keys in AD for only like half of them. Is there any way to remotely generate recovery keys for the PCs that don't have it? BitLocker Recovery key tab is present on each device, just the key is present only on some of them.
It would be very hard to go to each one of the devices and manually push the keys from there.

Thank you in advance!


3 answers

  1. Daisy Zhou 17,091 Reputation points Microsoft Vendor
    2021-05-27T03:51:42.587+00:00

    Hello @Valyu Valev ,

    Thank you for posting here.

    To better understand our question, please confirm the following information at your convenience.

    1. Based on "I have a weird situation where the same BitLocker group policy is applied to all users", what BitLocker group policy settings did you configure for all users?

    2. Based on "but I have recovery keys in AD for only like half of them", would you please take a screenshot for one AD user to us? Where can you see recovery keys in AD?

    3. Based on "BitLocker Recovery key tab is present on each device, just the key is present only on some of them", would you please take a screenshot for one AD user to us? Where can you see BitLocker Recovery key tab on each device?

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. Valyu Valev 1 Reputation point
    2021-05-27T07:23:34.807+00:00

    Hello DaisyZhou,

    Thank you for your response!

    The settings for BitLocker were not configured by me but by the previous sys admin; however, the same policy is applied to all devices (they're in the same OU, all of them have the BitLocker Recovery tab, but on some of them it's empty).

    Store BitLocker recovery information Active Directory Domain is enabled.

    Here is a screen from BitLocker recovery tab from the properties menu of the device itself.
    This one has rec key.

    100136-testpc-bitlocker-tab.jpg


  3. Daisy Zhou 17,091 Reputation points Microsoft Vendor
    2021-06-02T09:22:31.51+00:00

    Hello @Valyu Valev ,

    Thank you for your update.

    I am sorry for the late reply.

    Here is a similar case with marked answer.

    https://community.spiceworks.com/topic/331071-active-directory-can-t-see-bitlocker-recovery-key-tab-in-computer-properties

    Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou
