BitLocker key not synchronized to AD.

Attila Bolvári 1 Reputation point
2021-06-07T10:37:17.55+00:00

Hi!

I have a problem with one of my laptops.
On the laptops I use BitLocker, and I forced the keys to sync to AD via GPO.
But one laptop is now prompting for the recovery key, and the key isn't synced to AD.
Is there any solution for this?
Thanks for the help!
bolvar


2 answers

  1. Fan Fan 15,371 Reputation points Microsoft External Staff
    2021-06-08T00:35:50.633+00:00

    Hi,
    Based on my understanding, there is only one laptop that is not working correctly, right?

    Did the machine apply the GPO correctly?
    Please run the CMD as administrator and run the command: Gpresult /h c:\report.html on this machine and check if the Bitlocker GPO was applied.

    If possible, please share a screenshot here! (Please hide the private information)

    Best Regards,


  2. Salman Ahmed 1 Reputation point
    2021-06-10T08:38:00.443+00:00

    @Attila Bolvári

    Hi,

    I had the same issue with one laptop (Windows 10 version 1709), where all the policies were updated properly, but it was still unable to send the BitLocker keys to AD. I did the steps below to send them manually to AD; luckily it worked for me.

    Open CMD in elevated mode and type the below:

    manage-bde -protectors -get X:

    X is the drive letter of the encrypted drive; you will get the below:

    Password:
    ID: {B3DF5FBF-XXXX-XXXX-XXXX-XXXXXXXX4EA6}

    Numerical Password:
    ID: {01CA195D-XXXX-XXXX-XXXX-XXXXXXXXD731}

    Password: (You will see this if the encrypted drive is unlocked, and you have to unlock it in order to manually sync to AD)
    171171-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX-XX7466

    manage-bde -protectors -adbackup -id "{01CA195D-XXXX-XXXX-XXXX-XXXXXXXXD731}" X:

    If your drive is unlocked, and there is a group policy configured to allow the storage of recovery information in AD, your keys will be stored in AD.

    Regards,

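The manual escrow described in the answer above, scripted with the BitLocker and ActiveDirectory PowerShell modules as an added example (not code from the answer's author): it backs up every Numerical Password protector of every unlocked volume to AD, the same operation as manage-bde -protectors -adbackup, and then checks that a matching msFVE-RecoveryInformation object exists under the computer account. It assumes an elevated Windows PowerShell session on a domain-joined machine whose GPO permits AD backup, and that the RSAT ActiveDirectory module is installed; the function names are the example's own.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the answer above. Assumes BitLocker + ActiveDirectory modules.
Import-Module BitLocker
Import-Module ActiveDirectory

function Backup-RecoveryPasswordsToAD {
    $results = @()
    foreach ($vol in Get-BitLockerVolume) {
        # Only the recovery password (the "Numerical Password" in manage-bde output) is escrowed to AD.
        $rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        if ($rp.Count -eq 0) {
            $results += [pscustomobject]@{ Mount = $vol.MountPoint; Id = $null; Status = 'NoRecoveryPassword' }
            continue
        }
        foreach ($p in $rp) {
            try {
                # Equivalent of: manage-bde -protectors -adbackup -id <protector GUID> <drive>
                # Fails on a locked volume or when the GPO does not allow AD backup.
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
                $status = 'BackedUp'
            } catch {
                $status = "Failed: $($_.Exception.Message)"
            }
            $results += [pscustomobject]@{ Mount = $vol.MountPoint; Id = $p.KeyProtectorId; Status = $status }
        }
    }
    return $results
}

function Get-RecoveryInfoFromAD {
    param([string]$ComputerName = $env:COMPUTERNAME)
    $dn = (Get-ADComputer -Identity $ComputerName).DistinguishedName
    # Escrowed keys are stored as msFVE-RecoveryInformation child objects of the computer object;
    # msFVE-RecoveryGuid holds the protector ID as raw bytes.
    Get-ADObject -SearchBase $dn -SearchScope OneLevel `
        -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
        -Properties 'msFVE-RecoveryGuid', 'whenCreated' |
        ForEach-Object {
            $guid = [guid]::new([byte[]]$_.'msFVE-RecoveryGuid')
            [pscustomobject]@{ ProtectorId = ('{' + $guid.ToString().ToUpper() + '}'); Escrowed = $_.whenCreated }
        }
}

# Back up locally, then confirm each protector ID is actually present in AD.
$local = Backup-RecoveryPasswordsToAD
$inAD  = @(Get-RecoveryInfoFromAD)
foreach ($r in $local) {
    $verified = if ($inAD | Where-Object ProtectorId -eq $r.Id) { 'verified in AD' } else { 'NOT in AD' }
    '{0} {1} {2} ({3})' -f $r.Mount, $r.Id, $r.Status, $verified
}
```

The AD check needs read access to the computer object's children (the recovery password itself is not read), so running it as a domain admin or a delegated BitLocker recovery viewer from a workstation is the normal way to confirm escrow worked.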
