Backup Bitlocker Keys to Active Directory

From Wiki.CoreyBlair.US

The following instructions can be used to force a supported Microsoft Windows operating system to back up its BitLocker recovery key to Active Directory for safekeeping. Note that if you set up the BitLocker GPOs after devices were already encrypted and in production, the policy does not back up those existing keys on its own; you will need to run this command on each of those existing endpoints.

  1. Press the Windows key to open the Start menu and type "cmd" to search for Windows Command Prompt.
  2. Right-click Windows Command Prompt and select "Run as administrator".
  3. Enter the following command:
     manage-bde -protectors -get c: [1]
  4. From the output, copy the ID listed under the Numerical Password protector, including the curly braces.
     [Image: Example of step 3. Keys have been blurred on purpose.]
  5. Enter the following command with the numerical password ID from the previous step inserted:
     manage-bde -protectors -adbackup c: -id {YourNumericalPasswordID} [1]
  6. You should see a message that the recovery information was successfully backed up to Active Directory.
     [Image: Example of step 6. Key number has been blurred on purpose.]
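The same procedure can be scripted so it does not depend on copying the protector ID by hand, which matters when the command has to be run across many endpoints that were encrypted before the GPO existed. The following is an added example, not code from the original page or from the cited author; it uses the built-in BitLocker PowerShell module (`Get-BitLockerVolume`, `Backup-BitLockerKeyProtector`) to back up every numerical password protector on C:, and then, if the ActiveDirectory module is available, checks that the matching msFVE-RecoveryInformation objects now exist under the computer account. The mount point and the assumption that the "Store BitLocker recovery information in AD DS" policy applies to the host are the only inputs.

```powershell
# Added example (not from the original page): back up all numerical password
# (recovery) protectors on a volume to Active Directory, then verify.
# Run from an elevated PowerShell session on a domain-joined machine.
# Assumes the BitLocker AD DS backup policy is applied to this host.

$MountPoint = "C:"   # volume to back up; same as the "c:" in the manage-bde steps

$volume = Get-BitLockerVolume -MountPoint $MountPoint

# manage-bde -protectors -get lists these as "Numerical Password"; the ID is the
# GUID in curly braces that step 4 above has you copy by hand.
$recoveryProtectors = $volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

if (-not $recoveryProtectors) {
    Write-Warning "No numerical password protector found on $MountPoint; nothing to back up."
    return
}

foreach ($protector in $recoveryProtectors) {
    Write-Host "Backing up protector $($protector.KeyProtectorId) to Active Directory..."
    try {
        # Equivalent of: manage-bde -protectors -adbackup C: -id {GUID}
        Backup-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
        Write-Host "  Backed up $($protector.KeyProtectorId)."
    }
    catch {
        # Typical causes: policy not applied, no domain controller reachable,
        # or the computer account lacks rights to write recovery information.
        Write-Warning "  Backup of $($protector.KeyProtectorId) failed: $($_.Exception.Message)"
    }
}

# Optional verification: each successful backup creates an msFVE-RecoveryInformation
# child object under this computer's account. Requires the RSAT ActiveDirectory module.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $computerDn = (Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName
    $stored = Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
        -SearchBase $computerDn -SearchScope OneLevel
    Write-Host "Recovery information objects stored in AD for this computer: $(@($stored).Count)"
}
else {
    Write-Host "ActiveDirectory module not present; verify on a DC via the BitLocker Recovery tab instead."
}
```

Without RSAT on the endpoint, the same check can be done from a domain controller or management host: with the BitLocker Recovery Password Viewer feature installed, the recovery passwords appear on the "BitLocker Recovery" tab of the computer object in Active Directory Users and Computers. The protector ID is the only thing that is safe to log here; the recovery password itself should never be written to a script's output.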

References

  1. Jack Stromberg, jackstromberg.com, February 4, 2015