TechDirectArchive
Unable to find my BitLocker Recovery Key in AD

Posted on 23/11/2022 | 09/07/2025 | By Christian

BitLocker is a Microsoft encryption product designed to protect user data on a computer. If there is a problem with BitLocker, the computer enters BitLocker recovery mode and prompts for a recovery key. If you do not have a working recovery key to enter at that prompt, you will not be able to access the computer. This article covers what to do when you are unable to find your BitLocker recovery key in AD. Please see these guides: Find saved Wi-Fi Passwords in Windows 10 and 11, and how to fix RDP Users are unable to change Passwords.

BitLocker encryption is often intentionally enabled by or on behalf of a user with full administrator access to your device. This user can be you, another user, or an organization that manages your device.

The BitLocker encryption process occurs in the background and often goes unnoticed by users until a recovery event occurs. If you wish to Disable BitLocker,

Also, see how to correctly disable Microsoft BitLocker Administration and Monitoring encrypted devices, how to view BitLocker Disk Encryption Status in Windows, how to query MBAM to display the report for BitLocker Recovery for a specified period of time, and how to determine why an MBAM-protected device is non-compliant.

Why was this BitLocker Recovery Key mode Prompted?

There are a number of reasons why BitLocker recovery mode is prompted. Some of these are as follows.

Note: For Dell devices, Dell BIOS updates suspend BitLocker before flashing, so a BitLocker recovery event cannot occur due to the firmware update.

But for some other device types, a BIOS update can trigger a BitLocker recovery event because the PCR values change between when Windows is running and when the BIOS is updated.

If the computer enters recovery mode, another likely cause is a connected external drive, which changes the boot drive enumeration. I will be covering various reasons for the BitLocker recovery prompt in another guide. Here is a guide on how to deploy the MBAM client as part of the Windows deployment process.

If the recovery key is lost, there is no other way to unlock the drive. To get the computer back up and running, reinstalling Windows is the only option (this will result in the loss of all data and configurations of the encrypted hard drive).

Storage options for BitLocker recovery keys

Recovery keys can be saved in different ways depending on the version of Windows installed. Before we proceed with resolving this issue, you must have previously saved your BitLocker recovery key in one of the locations below. Here is a guide on how and where to find your BitLocker recovery key in Windows.

  • Microsoft account
  • On a printout
  • USB flash drive
  • Azure Active Directory account
  • Copied and saved in a text file on another PC. You can remotely connect to the PC and view the text file from another device. Make sure that each backed-up recovery key is accessible from another computer or phone. You can also read the file on a remote PC without remotely connecting to it, by browsing to its administrative share, for example: \\techPC\c$\Users\Administrator\Desktop

Also, if you are using MBAM to manage BitLocker, the recovery key will be saved in the MBAM database, and you will be able to query the database via the Help Desk or Advanced Help Desk, and also via the self-service portal. You can determine if you have MBAM installed from the following link.

Here is a guide on how to back up existing and new BitLocker recovery keys to Active Directory using a simple script, and how to fix the missing BitLocker Recovery Tab in Active Directory Users and Computers.

Access the BitLocker Recovery Tab in the Active Directory

Additionally, if you have configured the BitLocker recovery keys to be saved to Active Directory, you will also be able to find your keys there.

If you have enabled BitLocker for a device, its recovery key will be found under the BitLocker Recovery Tab of the device's computer object.

If you have the keys saved in AD, you will require Domain Admin rights to view them, and you will also need to install the BitLocker Drive Encryption Administration Utilities on a server.
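The same lookup can be done from PowerShell when the BitLocker Recovery Tab is missing or you only have the key ID from the recovery screen. This is an added example, not a script from the original post; it assumes the ActiveDirectory (RSAT) module is installed, and the function name and the sample key ID prefix are made up for illustration.

```powershell
# Added example: look up BitLocker recovery passwords stored in Active Directory.
# Recovery keys are stored as msFVE-RecoveryInformation child objects of the
# computer account; the account running this needs read access to them.
Import-Module ActiveDirectory

function Get-BitLockerRecoveryFromAD {   # hypothetical helper name
    [CmdletBinding(DefaultParameterSetName = 'ByComputer')]
    param(
        [Parameter(Mandatory, ParameterSetName = 'ByComputer')]
        [string]$ComputerName,

        # First 8 characters of the recovery key ID shown on the recovery screen.
        [Parameter(Mandatory, ParameterSetName = 'ByKeyId')]
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$KeyIdPrefix
    )

    $props = 'msFVE-RecoveryPassword', 'whenCreated'

    if ($PSCmdlet.ParameterSetName -eq 'ByComputer') {
        # Search only beneath the computer object.
        $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop
        $found = Get-ADObject -SearchBase $computer.DistinguishedName `
            -Filter "objectClass -eq 'msFVE-RecoveryInformation'" -Properties $props
    }
    else {
        # The object name has the form <timestamp>{<key ID GUID>}.
        $filter = "objectClass -eq 'msFVE-RecoveryInformation' -and Name -like '*{${KeyIdPrefix}-*}'"
        $found = Get-ADObject -Filter $filter -Properties $props
    }

    if (-not $found) {
        Write-Warning 'No recovery object found: no key is stored in AD for this device, or your account cannot read it.'
        return
    }

    # Newest key first: a device that was re-encrypted can have several entries.
    $found | Sort-Object whenCreated -Descending | ForEach-Object {
        [pscustomobject]@{
            Computer         = ($_.DistinguishedName -split ',', 3)[1] -replace '^CN='
            KeyId            = $_.Name -replace '^.*\{|\}$'
            Created          = $_.whenCreated
            RecoveryPassword = $_.'msFVE-RecoveryPassword'
        }
    }
}

# Constructed sample calls:
# Get-BitLockerRecoveryFromAD -ComputerName 'techPC'
# Get-BitLockerRecoveryFromAD -KeyIdPrefix 'A1B2C3D4'
```

Compare the returned KeyId with the key ID on the recovery screen before reading out the password, since only the matching entry will unlock the drive.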

I do not have a BitLocker Recovery Key Saved (Not in my Microsoft account too)

But if you do not have a working recovery key to enter at the BitLocker recovery prompt, you will not be able to access the computer. Please see MDT Warning: Unable to set working directory, the application returned an unexpected code 2, Unable to execute: The application GUID not found in the application list, and how to Mount remote directory using sshfs.

The BitLocker Setup process forces the creation of a recovery key at the time of activation, and if you are unable to find a required BitLocker recovery key, you’ll need to reinstall your device.

Reinstalling your device removes all files. The device can also be reinstalled entirely via WDS and MDT. Here is a guide on how to Install ADK, MDT, and WDS: Deploy Windows images via Microsoft Deployment Toolkit and Windows Deployment Services.

FAQs

Why should you delete the BDEDrive partition via MDT and Command Prompt?

If BitLocker will never be used on the Windows PC, the BDEDrive partition can be removed using the procedure below.

The BDE partition can be disabled outright if you have no intention of using BitLocker in the future. Add the following to your customsettings.ini to disable it: DoNotCreateExtraPartition = YES

How can I create a BitLocker partition on a device without one?

Open an elevated command window and run “BdeHdCfg.exe -target default”. It will respond by creating the partition or notifying you that the computer’s hard drive is already properly configured.

I hope you found this blog post on Unable to find my BitLocker Recovery Key in AD helpful. Please let me know in the comment section if you have any questions.
