Windows Server

How to fix missing BitLocker Recovery Tab in Active Directory Users and Computers

Data is among the most important resources of any organization. Because data security is now a priority for every organization, sensitive information needs special protection. Employee devices such as laptops are exposed to security risks and must be protected. See the following guides on how to enable FileVault disk encryption on a Mac device and how to fix “Your device cannot use a Trusted Platform Module: Allow BitLocker without a compatible TPM”. You may have configured BitLocker correctly as described in the guide “How to enable BitLocker via the Local Group Policy Editor and the Group Policy Management Console” and still not be able to view the BitLocker Recovery tab.

If you are an administrator managing BitLocker and the BitLocker Recovery tab is still missing when you open the properties of a computer through AD, you are in the right place.

This issue occurs because the BitLocker Drive Encryption Administration Utilities are not installed. You will have to install the BitLocker Recovery Password Viewer and the BitLocker Drive Encryption Tools. To proceed, please follow the steps discussed below. You may be interested in some of the articles I have written regarding “Insight on Full Disk Encryption with PBA / without PBA, UEFI, Secure Boot, BIOS, File and Directory Encryption and Container Encryption”.

To install the BitLocker Drive Encryption Administration Utilities on a server (domain controller), please follow the steps below.

  • Launch the Server Manager
  • Click on Add Roles and Features

This will open the Add Roles and Features Wizard. Click on Next as shown below; this screen is not relevant to us 🙂

In the next window, select “Role-based or feature-based installation”, as we will be installing a feature later on.

We only have one server in the server pool, so it is selected automatically. Click on Next to continue.
– If you have multiple servers, ensure the right server is selected.

We do not care about the Server Roles screen, as we are not installing a role. We will skip this screen, and on the Features window:
– We will select BitLocker Drive Encryption Administration Utilities under Remote Server Administration Tools and
– Check both BitLocker Drive Encryption Tools and BitLocker Recovery Password Viewer as shown below.

Click on Next, and on the confirmation page click on Install as shown below.

On the results page, click on Close. You should now be able to view the BitLocker Recovery tab in ADUC.

To install the BitLocker Drive Encryption Administration Utilities on a client, please follow the steps below.
Note: By default, only Domain Admins have access to BitLocker recovery information, but access can be delegated to others. Without this, you cannot view the BitLocker Recovery Key.

In Windows 10 v1809, v1903 and v1909, the Remote Server Administration Tools (RSAT) are no longer a downloadable add-on to Windows. Instead, they are included as a set of "Features on Demand" directly in Windows.

Since the BitLocker Drive Encryption Administration Utilities are not installed by default, we will have to add them.
– Launch Windows Settings,
– Navigate to Apps and select Apps & Features as shown below. Follow along with the rest of the steps.

Now, scroll through the list and install BitLocker Drive Encryption Administration Utilities.

That is all. You can now launch ADUC and the missing tab will be available.
The BitLocker utilities can also be installed via PowerShell with the command below. Once installed, opening the properties of the computer object and clicking on the BitLocker Recovery tab will display all associated recovery keys.

Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools
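
The script below is an added example, not part of the original post: it installs only the administration utilities on either a client or a server, then lists the recovery objects that the BitLocker Recovery tab reads for one computer. It assumes an elevated session, that the ActiveDirectory PowerShell module is available, and uses the placeholder computer name PC-EXAMPLE01.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# Assumptions: 'PC-EXAMPLE01' is a placeholder computer name, and the
# ActiveDirectory module (RSAT AD DS tools) is already installed.
param([string]$ComputerName = 'PC-EXAMPLE01')

# ProductType: 1 = workstation, 2 = domain controller, 3 = member server
$os = Get-CimInstance -ClassName Win32_OperatingSystem

if ($os.ProductType -eq 1) {
    # Windows 10 v1809 and later: RSAT components are Features on Demand.
    $cap = Get-WindowsCapability -Online -Name 'Rsat.BitLocker.Recovery.Tools*'
    if ($cap.State -ne 'Installed') {
        Add-WindowsCapability -Online -Name $cap.Name | Out-Null
    }
}
else {
    # Server: install only the administration utilities (Drive Encryption
    # Tools and Recovery Password Viewer), not the BitLocker feature itself.
    $feature = Get-WindowsFeature -Name 'RSAT-Feature-Tools-BitLocker'
    if (-not $feature.Installed) {
        Install-WindowsFeature -Name 'RSAT-Feature-Tools-BitLocker' -IncludeAllSubFeature | Out-Null
    }
}

# The BitLocker Recovery tab shows the msFVE-RecoveryInformation objects
# stored as children of the computer object.
Import-Module ActiveDirectory
$computer = Get-ADComputer -Identity $ComputerName
$recovery = Get-ADObject -SearchBase $computer.DistinguishedName `
    -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
    -Properties whenCreated

if (-not $recovery) {
    Write-Warning "No recovery objects found under $($computer.DistinguishedName); the key may not have been backed up to AD."
}
else {
    # The recovery password attribute is deliberately not requested, so this
    # check can be run and logged without exposing any recovery key.
    $recovery | Sort-Object whenCreated -Descending | ForEach-Object {
        # Object names have the form <timestamp>{<password ID GUID>}
        $id = if ($_.Name -match '\{(?<id>[0-9A-Fa-f-]{36})\}') { $Matches['id'] } else { $null }
        [pscustomobject]@{ Computer = $computer.Name; PasswordId = $id; Escrowed = $_.whenCreated }
    }
}
```

If the script reports recovery objects but the tab is still missing, close and reopen ADUC so that it loads the newly installed extension.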

I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.
