A Group Policy Object must be active to automatically back up BitLocker recovery passwords to Active Directory.
To view recovery keys, you must meet the following requirements: Administrative Rights get bitlocker recovery key from active directory
This is the most common graphical method for finding a specific computer's key: : Launch the snap-in on your management machine. Locate the Computer : Navigate to the Organizational Unit (OU) where the target computer object is stored. Open Properties : Right-click the computer object and select Properties Access Recovery Tab : Click the BitLocker Recovery A Group Policy Object must be active to
: You must have Domain Admin rights or delegated permissions to view sensitive attributes. Open Properties : Right-click the computer object and
: The "BitLocker Recovery Password Viewer" feature must be enabled on your domain controller or administrative workstation to reveal the "BitLocker Recovery" tab in computer properties. Method 1: Using Active Directory Users and Computers (ADUC) The most common graphical method involves using the Active Directory Users and Computers (ADUC) snap-in: Locate the Device
Get-ADObject -Filter objectClass -eq 'msFVE-RecoveryInformation' -SearchBase (Get-ADComputer $ComputerName).DistinguishedName | Select-Object Name, msFVE-RecoveryPassword