Appendix A: Checking BitLocker and TPM Schema Objects
To enable the backup of BitLocker and TPM recovery information in Active Directory, a total of six schema objects are created in the Active Directory schema.
You can use the following procedure to verify whether these objects exist in your Active Directory installation.
To examine and verify BitLocker and TPM schema objects
Log on to the domain controller with an account in the Domain Admins group.
Open the ADSI Edit snap-in. Click Start, click Run, type adsiedit.msc, and then click OK.
This snap-in is in Windows Support Tools. To download the Windows Support Tools for Windows Server 2003 with Service Pack 1, see https://go.microsoft.com/fwlink/?LinkID=70775.
Open the Schema container, and then open the folder containing available schema objects (see the following figure).
Find by name the following schema objects:
- CN=ms-FVE-KeyPackage – attributeSchema object
- CN=ms-FVE-RecoveryGuid – attributeSchema object
- CN=ms-FVE-RecoveryInformation – classSchema object
- CN=ms-FVE-RecoveryPassword – attributeSchema object
- CN=ms-FVE-VolumeGuid – attributeSchema object
- CN=ms-TPM-OwnerInformation – attributeSchema object
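The same check can be scripted instead of browsing ADSI Edit by hand. The following PowerShell script is an added example, not part of the original article; it assumes it runs on a domain-joined machine as a user allowed to read the schema, and uses only the System.DirectoryServices classes built into Windows (no ActiveDirectory module required). It reports each of the six objects as present with the expected class, present with an unexpected class, or missing.

```powershell
# Added example: verify the six BitLocker/TPM schema objects in the forest schema.
# Assumes a domain-joined host and an account that can read the schema naming context.

# Object names and the objectClass each should carry, taken from the list above.
$expected = @{
    'ms-FVE-KeyPackage'          = 'attributeSchema'
    'ms-FVE-RecoveryGuid'        = 'attributeSchema'
    'ms-FVE-RecoveryInformation' = 'classSchema'
    'ms-FVE-RecoveryPassword'    = 'attributeSchema'
    'ms-FVE-VolumeGuid'          = 'attributeSchema'
    'ms-TPM-OwnerInformation'    = 'attributeSchema'
}

# Ask RootDSE where the schema container lives, then bind to it.
$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaDn = $rootDse.schemaNamingContext
$schema   = [ADSI]"LDAP://$schemaDn"

$missing = @()
foreach ($name in ($expected.Keys | Sort-Object)) {
    # Schema objects are direct children of the schema container, so OneLevel is enough.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($schema)
    $searcher.Filter      = "(cn=$name)"
    $searcher.SearchScope = 'OneLevel'
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('cn', 'objectClass'))
    $result = $searcher.FindOne()

    if ($null -eq $result) {
        Write-Host ("MISSING  CN={0}" -f $name) -ForegroundColor Red
        $missing += $name
        continue
    }

    # objectClass is multi-valued (e.g. top, attributeSchema); check for the expected class.
    $classes = @($result.Properties['objectclass'])
    if ($classes -contains $expected[$name]) {
        Write-Host ("OK       CN={0}  ({1})" -f $name, $expected[$name]) -ForegroundColor Green
    } else {
        Write-Host ("WRONG    CN={0}  objectClass={1}" -f $name, ($classes -join ',')) -ForegroundColor Yellow
    }
}

if ($missing.Count -eq 0) {
    Write-Host 'All six BitLocker and TPM schema objects are present.'
} else {
    Write-Host ("{0} object(s) missing; the schema extension has not been applied to this forest." -f $missing.Count)
}
```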
The following screen image represents a typical search for schema objects: