Bitlocker Saving Data Drive Info To Active Directory

Jeffrey Tucker 341 Reputation points
2021-06-17T13:40:29.427+00:00

Hello. I have complete success with enabling BitLocker on system drives and saving keys to AD. However, today I attempted to enable encryption on a data drive (E) and it does not save to AD. The command "manage-bde -protectors -get e:" returns the Numerical Password. Then I use the command "manage-bde -protectors -adbackup c: -id {NUMERICAL_PASSWORD}". The command returns "Recovery information was successfully backed up to Active Directory." However, looking at the computer object, the key is not saved. It still only shows the system drive information. Any ideas? Thanks.


5 answers

  1. Miles 1,256 Reputation points
    2021-06-18T02:41:04.187+00:00

    Hi

    The problem is probably an issue with replication, not BitLocker.
    The BitLocker recovery keys tab for some devices in AD was updated instantly. However, others were not.

    It seems that some devices just take more time for the key to appear.
    It just depends on whether the backup chooses to use the same Domain Controller that Active Directory Users & Computers is connected to.
    If they are the same, you'll see the change instantly. If not, you won't see it until it replicates.

    --please don't forget to Accept as answer if the reply is helpful--


  2. MTG 1,206 Reputation points
    2021-06-18T07:27:48.21+00:00

    The syntax is wrong. It should be
    manage-bde -protectors -adbackup c: -id {The ID you found, not the numerical password itself}

    Please retry. If that was just a typo, maybe Miles is right, that's the only possible explanation.


  3. Miles 1,256 Reputation points
    2021-06-21T01:56:46.443+00:00

    Hi
    If you resolved it using our solution, please click "Accept Answer" on a reply to help other community members find the helpful reply quickly.
    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.


  4. Jeffrey Tucker 341 Reputation points
    2021-06-22T19:03:43.413+00:00

    Hello. Thanks for both responses. I did have a typo in my second command; it should be E: instead of C:. It also says success. It's been 5 days and still nothing; DCs are syncing okay.


  5. MTG 1,206 Reputation points
    2021-06-23T07:41:32.373+00:00

    There's nothing that could possibly go wrong if it says success; it has arrived in AD.
    Hm, please rule out that it's a refresh problem. Also look in ADSIedit: below your computer object there should be msFVERecoverykey objects - are they seen there?

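The steps discussed in this thread (find the protector ID rather than the numerical password, back it up for the right drive letter, then check for the recovery object under the computer object, optionally against a specific DC to rule out replication lag) as one PowerShell routine. This is an added example, not code posted by anyone in the thread; it assumes the BitLocker and ActiveDirectory (RSAT) modules are installed, the "Store BitLocker recovery information in AD DS" policy is enabled, and the parameter names -MountPoint and -Server are choices made for this example.

```powershell
# Added example (not from the thread). Backs up every RecoveryPassword protector of a
# data volume to AD DS (the same operation as "manage-bde -protectors -adbackup E: -id {GUID}")
# and then reports whether the matching msFVE-RecoveryInformation object is visible on the
# chosen domain controller. Run from an elevated PowerShell session on the domain-joined client.
function Test-BitLockerAdBackup {
    param(
        [string]$MountPoint = 'E:',   # assumed parameter: the data volume to check
        [string]$Server = $null       # assumed parameter: query a specific DC to rule out replication lag
    )
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    if ($rp.Count -eq 0) {
        throw "No RecoveryPassword protector on $MountPoint; add one with Add-BitLockerKeyProtector -RecoveryPasswordProtector first."
    }

    foreach ($p in $rp) {
        # The -id argument is the protector's {GUID}, not the 48-digit numerical password,
        # and the drive letter must be the data volume itself (E:, not C:).
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }

    Import-Module ActiveDirectory
    $adArgs = @{}
    if ($Server) { $adArgs.Server = $Server }
    $computer = Get-ADComputer -Identity $env:COMPUTERNAME @adArgs

    # Recovery objects are children of the computer object (what ADSI Edit shows beneath it);
    # the CN of each object ends with the protector GUID, so match on that suffix.
    $adKeys = @(Get-ADObject @adArgs -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=msFVE-RecoveryInformation)' -Properties whenCreated)

    foreach ($p in $rp) {
        $match = $adKeys | Where-Object { $_.Name -like "*$($p.KeyProtectorId)" } | Select-Object -First 1
        [pscustomobject]@{
            MountPoint     = $MountPoint
            KeyProtectorId = $p.KeyProtectorId
            InAD           = [bool]$match
            WhenCreated    = $(if ($match) { $match.whenCreated })
            QueriedDC      = $(if ($Server) { $Server } else { '(client default)' })
        }
    }
}

# Usage (dc01 is a placeholder name):
#   Test-BitLockerAdBackup -MountPoint 'E:'                 # whichever DC the client binds to
#   Test-BitLockerAdBackup -MountPoint 'E:' -Server 'dc01'  # the DC your ADUC console is using
```

If InAD is false on one DC but true on another, the backup succeeded and the remaining gap is AD replication; if it is false on every DC, check that the policy actually applies to fixed data drives and that the key protector ID, not the numerical password, was passed.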
