BitLocker cannot be recovered

Masa LEE 1 Reputation point
2022-08-22T03:21:22.72+00:00

Hi there,

We got a laptop under our domain and had retrieved the BitLocker recovery key several times (on the Microsoft BitLocker Administration and Monitoring console).

Yesterday, a Windows update from 1909 to 20H2 was performed on the laptop; it was normal after the update.

However, it asks for the BitLocker recovery key after a normal restart, and the recovery key could not be retrieved from the Microsoft BitLocker Administration and Monitoring console.

We have ensured the User Domain, User ID and Key ID weren't wrongly input, but it is still showing "User is not valid for this drive". Can you please advise on the situation? Thank you.


4 answers

  1. Dillon Silzer 57,831 Reputation points Volunteer Moderator
    2022-08-22T03:46:36.19+00:00

    Hi @Masa LEE

    If you or the client do not have the keys it is best to reset Windows.

    Download the Windows 10 ISO from https://www.microsoft.com/en-ca/software-download/windows10 and reinstall Windows (or push a new image if you have remote software such as SCCM or AutoPilot).

    -----------------------------------

    If this is helpful please accept answer.


  2. rizky dwi saputra 1 Reputation point
    2022-08-22T04:15:00.433+00:00

    Same problem for my friend. The case is that he never logged in to a Microsoft account on the device (laptop), so the account does not have the device; then how does he get the key ID? Finally he asked the ASUS center and they said he has to reinstall the software (Windows) and paid RP. 250.000 ($16.81)

  3. Limitless Technology 39,926 Reputation points
    2022-08-22T14:42:46.883+00:00

    Hello there,

    MBAM uses a unique volume ID as the identifier for each disk volume to store BitLocker recovery keys. However, if imaging procedures are performed incorrectly, the volume IDs may not be unique in some cases. When this problem occurs, BitLocker recovery keys for some disk volumes are missing in the MBAM recovery database.

    You cannot retrieve the BitLocker recovery key for disk recovery in BitLocker Administration and Monitoring https://support.microsoft.com/en-us/topic/you-cannot-retrieve-the-bitlocker-recovery-key-for-disk-recovery-in-bitlocker-administration-and-monitoring-f8e1628b-a11e-b595-2118-ecece4b178d4

    I hope this information helps.

    ----------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer--


  4. Carl Fan 6,881 Reputation points
    2022-08-23T05:34:26.937+00:00

    Hi MasaLEE-9140,

    According to your description, if the account is part of the AdvHelpDeskUser group, we could provide only the Key ID and reason code fields to check.

    That means, if we have logged in with a system admin account, then we do not have to supply the user domain and user ID.

    If you have logged in with a normal helpdesk account, you have to supply all of them: User domain, User ID, Key ID, Reason for Drive Unlock.

    Did the user log in to the machine? If no, you may receive the error "user is not valid for this drive". We could try to log in to the problematic machine locally, then check.

    Meanwhile, the recovery key gets stored in the table "RecoveryandHardwareCore.keys" inside the Recovery and Hardware database.

    We could check the SQL server to get the BitLocker recovery key.

    https://www.ronnipedersen.com/2016/01/04/how-to-access-the-mbam-bitlocker-recover-keys-directly-in-sql/

    Of course, if we have backed up the recovery key to the DC, we could find the recovery key from the DC.

    https://www.top-password.com/blog/find-bitlocker-recovery-key-from-active-directory/

    Best Regards,

    Carl
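
An added example, not part of the answer above or of any Microsoft tooling: one way to check whether a recovery password for a given Key ID was ever backed up to Active Directory, the fallback the answer mentions. It assumes the ActiveDirectory PowerShell module (RSAT) and read access to `msFVE-RecoveryInformation` objects; the function name `Find-BitLockerRecoveryByKeyId`, the Key ID and the computer name are hypothetical placeholders.

```powershell
# Added example: look up a BitLocker recovery password escrowed to Active Directory.
Import-Module ActiveDirectory

function Find-BitLockerRecoveryByKeyId {
    [CmdletBinding()]
    param(
        # Key ID from the recovery screen: the full GUID or its leading characters
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f-]{8,36}$')]
        [string]$KeyId,

        # Optional: limit the search to the children of one computer object
        [string]$ComputerName
    )

    $search = @{
        Filter     = "objectClass -eq 'msFVE-RecoveryInformation'"
        Properties = 'msFVE-RecoveryPassword', 'whenCreated'
    }
    if ($ComputerName) {
        $search.SearchBase = (Get-ADComputer -Identity $ComputerName).DistinguishedName
    }

    # Object names look like "<timestamp>{<recovery GUID>}", so match the Key ID inside the braces.
    $hits = Get-ADObject @search |
        Where-Object { $_.Name -match "\{$([regex]::Escape($KeyId))" }

    if (-not $hits) {
        # Edge case: nothing escrowed for this Key ID within the search scope.
        Write-Warning "No recovery object matches Key ID '$KeyId'; it may never have been backed up to AD."
        return
    }

    # Newest first: a volume that was re-encrypted or re-keyed has several objects.
    $hits | Sort-Object whenCreated -Descending | ForEach-Object {
        [pscustomobject]@{
            Computer         = ($_.DistinguishedName -split ',', 2)[1]
            Created          = $_.whenCreated
            KeyId            = ($_.Name -replace '^.*\{|\}$', '')
            RecoveryPassword = $_.'msFVE-RecoveryPassword'
        }
    }
}

# Constructed sample values: replace with the Key ID shown on the recovery screen.
Find-BitLockerRecoveryByKeyId -KeyId 'A1B2C3D4' -ComputerName 'LAPTOP-EXAMPLE'
```

An empty result means the key was not escrowed to AD within the searched scope, which leaves the MBAM database as the only other source discussed in this thread.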

