We have all seen it. You roll into the office on a Monday morning, or worse, you're troubleshooting a remote user's laptop. The user enters their password, but instead of booting to Windows, they are greeted by the ominous, text-only interface of the BitLocker recovery screen.

If you don't have that 48-digit numerical recovery password, that machine is a paperweight. But if your organization has been following best practices, you have a secret weapon: Active Directory.

Since Windows Server 2008 and Windows Vista, Microsoft has allowed BitLocker recovery information to be escrowed directly into AD. Each escrowed key is stored as a child object of the computer account, of class msFVE-RecoveryInformation, with the 48-digit password in its msFVE-RecoveryPassword attribute. Here is your definitive guide to finding that key.

You can find the key without leaving your terminal. Run this from a Domain Controller or a machine with the RSAT ActiveDirectory PowerShell module installed, using an account that has been granted read access to the recovery information (Domain Admins have it by default; helpdesk staff need it delegated):

```powershell
# Import the AD module
Import-Module ActiveDirectory

# The computer account whose recovery key you need
$ComputerName = "LAPTOP-JSMITH"
$Computer = Get-ADComputer -Identity $ComputerName

# Retrieve the BitLocker recovery password objects stored under the computer account.
# There can be more than one if the drive was re-encrypted or the key was rotated.
Get-ADObject -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
    -SearchBase $Computer.DistinguishedName `
    -Properties 'msFVE-RecoveryPassword' |
    Select-Object Name, 'msFVE-RecoveryPassword'
```

Note: Look for the msFVE-RecoveryPassword field in the output. That is your key. If the command returns objects but that field is blank, your account can see the objects but has not been granted read access to the password attribute (msFVE-RecoveryPassword is a confidential attribute, so AD silently omits it rather than raising an access error). If the command returns nothing at all, no key was ever escrowed for that machine and AD cannot help you.

If you have legacy systems or the BitLocker Recovery tab is missing from Active Directory Users and Computers, you can use ADSI Edit (adsiedit.msc). Navigate to the computer's DN and look for child objects of class msFVE-RecoveryInformation. The msFVE-RecoveryPassword attribute of each one is the raw key.
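As an added example that is not code from the original post, here is the same lookup wrapped in a function a helpdesk can actually use: it returns every escrowed key for a computer as an object, decodes the key ID from the msFVE-RecoveryInformation object, and can filter down to the single key whose ID matches what the user reads off the recovery screen. It assumes the RSAT ActiveDirectory module and an account allowed to read msFVE-RecoveryPassword; the function name, its parameters and the computer name and key ID in the usage lines are this example's own, not anything from the original.

```powershell
# Added example, not part of the original post. Wraps the AD lookup in a function
# that returns every escrowed key for a computer as an object, decodes the key ID,
# and can filter to the one key whose ID matches what the recovery screen displays.
# Assumes RSAT / the ActiveDirectory module and an account allowed to read
# msFVE-RecoveryPassword. The function name and parameters are this example's own.
Import-Module ActiveDirectory

function Get-BitLockerRecoveryPassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName,

        # Recovery key ID from the BitLocker recovery screen, or just its first
        # 8 characters. Omit it to list every key escrowed for the computer.
        [string]$KeyIdPrefix
    )

    # Throws a clear error if the computer account does not exist.
    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Escrowed keys live as msFVE-RecoveryInformation objects directly under the
    # computer account, so a one-level search is enough.
    $keys = Get-ADObject -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
        -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Properties 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid', 'whenCreated'

    if (-not $keys) {
        Write-Warning "No BitLocker recovery information is escrowed for $ComputerName."
        return
    }

    $result = foreach ($k in $keys) {
        # The object name is "<creation time>{<key GUID>}"; the same GUID is held in
        # binary form in msFVE-RecoveryGuid, which is used as a fallback.
        $keyId = if ($k.Name -match '\{([0-9A-Fa-f-]{36})\}') {
            [guid]$Matches[1]
        } elseif ($k.'msFVE-RecoveryGuid') {
            [guid]::new([byte[]]$k.'msFVE-RecoveryGuid')
        }

        [pscustomobject]@{
            ComputerName     = $computer.Name
            KeyId            = $keyId
            Created          = $k.whenCreated
            RecoveryPassword = $k.'msFVE-RecoveryPassword'   # blank = no read right
        }
    }

    if ($KeyIdPrefix) {
        $result = $result | Where-Object {
            "$($_.KeyId)".StartsWith($KeyIdPrefix.Trim(), [StringComparison]::OrdinalIgnoreCase)
        }
        if (-not $result) {
            Write-Warning "No escrowed key on $ComputerName has an ID starting with $KeyIdPrefix; check that the user is reading the ID for the right drive."
        }
    }

    # Newest first: a re-encrypted or key-rotated machine has several entries.
    $result | Sort-Object Created -Descending
}

# Usage (hypothetical computer name and key ID):
# Get-BitLockerRecoveryPassword -ComputerName 'LAPTOP-JSMITH'
# Get-BitLockerRecoveryPassword -ComputerName 'LAPTOP-JSMITH' -KeyIdPrefix 'A1B2C3D4'
```

Matching on the key ID matters because a machine can have several msFVE-RecoveryInformation objects, and only the one whose ID the recovery screen shows will unlock the drive. Treat the returned password as being as sensitive as the data on the disk: once it has been read out to a user over the phone it is disclosed, and the account used for this lookup should be one that has been explicitly delegated read access to the recovery information rather than a standing Domain Admin.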