Find BitLocker Key In Active Directory - How To

Most importantly: Test your process today. Have you ever had a “missing” BitLocker key horror story? Let me know in the comments below.

```powershell
# Import the AD module
Import-Module ActiveDirectory

$ComputerName = "WS-001"
$Computer = Get-ADComputer -Identity $ComputerName

# Retrieve BitLocker recovery passwords (stored as child objects of the computer account).
# The filter must be passed as a quoted string; msFVE-RecoveryGuid holds the recovery password ID.
Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
    -SearchBase $Computer.DistinguishedName `
    -Properties msFVE-RecoveryPassword, msFVE-RecoveryGuid
```

Your user is locked out, the clock is ticking, and you know the key was backed up to Active Directory—but you have no idea where to find it.

Run these commands from a domain controller or RSAT-enabled machine:

You’re staring at a blue screen. The computer says: “Enter the recovery key for this drive.”

To show the key matching a specific recovery key ID (the one displayed on the BitLocker screen):
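One way to do this lookup, as an added example that is not code from the original page: it takes the key ID shown on the recovery screen (or its first 8 characters) and returns the matching recovery password together with the computer it belongs to, so the requester's machine can be verified before the key is read out. `Get-BitLockerKeyById` is a hypothetical helper name, the sample ID is constructed, and the code assumes the recovery object's name ends with the key ID in braces, as BitLocker's AD backup writes it.

```powershell
# Added example: find a BitLocker recovery password by the key ID from the recovery screen.
# Assumes the RSAT ActiveDirectory module and read access to msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory

function Get-BitLockerKeyById {
    param(
        # Full key ID or at least its first 8 characters. Restricting input to hex
        # digits and dashes keeps untrusted text out of the AD filter string.
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{8}[0-9A-Fa-f-]{0,28}$')]
        [string]$KeyId
    )
    $prefix = $KeyId.ToUpper()

    # Server-side narrowing: the object name is "<backup timestamp>{<key ID>}"
    $filter = "objectClass -eq 'msFVE-RecoveryInformation' -and Name -like '*$prefix*'"

    Get-ADObject -Filter $filter -Properties msFVE-RecoveryPassword, whenCreated |
        ForEach-Object {
            # Client-side check: the supplied value must match the START of the key ID,
            # not some other part of the object name.
            if ($_.Name -match '\{([0-9A-Fa-f-]{36})\}$' -and
                $Matches[1].ToUpper().StartsWith($prefix)) {
                [pscustomobject]@{
                    # The parent of the recovery object is the computer account
                    Computer         = ($_.DistinguishedName -split ',', 3)[1] -replace '^CN='
                    KeyId            = $Matches[1]
                    BackedUp         = $_.whenCreated
                    RecoveryPassword = $_.'msFVE-RecoveryPassword'
                }
            }
        }
}

# Constructed sample value: the first 8 characters read from the recovery screen
Get-BitLockerKeyById -KeyId 'A1B2C3D4'
```

If more than one row comes back, compare the full key ID and the computer name against what the user reports before giving out a password.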
