Get-ADObject -Filter ObjectClass -eq "msFVE-RecoveryInformation" -SearchBase "DC=contoso,DC=com" Zero results. Of course.
He found the setting: Choose how BitLocker-protected operating system drives can be recovered. dialed the VP
And there it was: msFVE-RecoveryPassword . dialed the VP
Leo copied it, dialed the VP, and read it out in a flat monotone. dialed the VP
Leo didn’t feel like a god. He felt like a plumber who’d just unclogged a pipe that should never have been clogged in the first place. He opened a new ticket: Enable BitLocker recovery password viewer for all admins.
The VP’s laptop chimed. The lock screen dissolved. Windows booted.