Once installed, a new BitLocker Recovery tab will appear in the Properties dialog for computer objects in Active Directory Users and Computers.

2. Configure Group Policy (GPO)

| Symptom | Likely Cause | Fix |
|---------|--------------|-----|
| No BitLocker tab in ADUC | Schema not extended | Run `adprep /schemaupgrade` from a 2008+ media |
| "Access denied" when encrypting | Computer lacks write perms | Delegate Write `msFVE-RecoveryInformation` to Domain Computers on OU |
| Key stored but missing in ADUC | Advanced Features off | Enable View → Advanced Features |
| Encryption hangs at 0% | Cannot contact writable DC | Check firewall (LDAP 389, LDAPS 636) and site topology |
| Event ID 24665 (BitLocker-API) | Failed to escrow key | Check that computer has a valid Kerberos ticket (`klist`) |
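
The schema, stored-key and DC-reachability rows of the table can be checked from an admin workstation without opening ADUC. The script below is an added example, not part of the original page; it assumes the RSAT ActiveDirectory module, and the function name `Test-BitLockerEscrow` and computer name `WS-EXAMPLE01` are hypothetical placeholders.

```powershell
# Added example (not from the original page): read-only checks for the table above.
# Assumes the RSAT ActiveDirectory module; Test-BitLockerEscrow is a hypothetical name.
Import-Module ActiveDirectory

function Test-BitLockerEscrow {
    param([Parameter(Mandatory)][string]$ComputerName)

    # "No BitLocker tab": confirm the schema defines msFVE-RecoveryInformation.
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $class = Get-ADObject -SearchBase $schemaNC `
        -LDAPFilter '(lDAPDisplayName=msFVE-RecoveryInformation)'

    # "Key stored but missing": recovery objects are children of the computer
    # object. Only count and creation time are read, never the recovery password.
    $computer = Get-ADComputer -Identity $ComputerName
    $keys = @(Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=msFVE-RecoveryInformation)' -Properties whenCreated)

    # "Encryption hangs at 0%": find a writable DC and test the LDAP ports from
    # the table. The test runs from this machine, not from the affected client.
    $dc = Get-ADDomainController -Discover -Writable
    $dcHost = $dc.HostName | Select-Object -First 1
    $ports = foreach ($p in 389, 636) {
        $r = Test-NetConnection -ComputerName $dcHost -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $p; Reachable = $r.TcpTestSucceeded }
    }

    [pscustomobject]@{
        Computer        = $computer.Name
        SchemaExtended  = [bool]$class
        RecoveryObjects = $keys.Count
        NewestEscrow    = ($keys | Sort-Object whenCreated | Select-Object -Last 1).whenCreated
        WritableDC      = $dcHost
        LdapPorts       = $ports
    }
}

# Placeholder name; replace with a computer in your domain.
Test-BitLockerEscrow -ComputerName 'WS-EXAMPLE01'
```

Run it with an account delegated to read BitLocker recovery objects; otherwise a `RecoveryObjects` count of 0 may reflect missing permissions rather than a missing key.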
To view recovery keys within the AD management console, you must install the . Once installed, a new BitLocker Recovery tab will