Easy Ways to Find BitLocker Recovery Key from Active Directory

April 19th, 2019 by Admin

Is BitLocker prompting for a recovery key that you have lost? Applying a GPO that stores the BitLocker recovery password in Active Directory is good practice for companies concerned about data security. In this tutorial we’ll show you different ways to find the BitLocker recovery key/password in Active Directory or Azure AD.

Method 1: Find BitLocker Recovery Key in AD Using PowerShell

  1. Press the Windows key + X and then select “Windows PowerShell (Admin)” from the Power User Menu.

  2. Copy and paste the following script into the PowerShell console and hit Enter. Replace “PCUnlocker” with the name of the computer whose BitLocker recovery key you want to locate.

    # Look up the target computer account (requires the ActiveDirectory module from RSAT)
    $objComputer = Get-ADComputer PCUnlocker
    # Recovery objects are children of the computer object, so search beneath its DN
    $Bitlocker_Object = Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase $objComputer.DistinguishedName -Properties 'msFVE-RecoveryPassword'
    # Display every recovery object found, including the msFVE-RecoveryPassword attribute
    $Bitlocker_Object

  3. It will retrieve all details from the ‘msFVE-RecoveryInformation’ objects attached to your target computer. The msFVE-RecoveryPassword attribute is the BitLocker recovery key you’re looking for.

Method 2: Using BitLocker Recovery Password Viewer Utility

If you’ve enabled the BitLocker Recovery Password Viewer feature in Active Directory, it’s pretty simple to retrieve the BitLocker recovery key for any computer in AD. Follow these steps:

  1. After opening the Active Directory Users and Computers snap-in, expand your domain and click the Computers container. Right-click on your target computer object and select Properties.

  2. Go to the BitLocker Recovery tab, where you can view all BitLocker recovery keys that were automatically backed up to AD.

If you know the first 8 characters of the Password ID, here’s how to search your BitLocker recovery keys:

  1. Right-click on your domain in the left pane of the Active Directory Users and Computers snap-in, and then select Find BitLocker recovery password.

  2. Enter the first 8 characters of Password ID and click on Search.

  3. It will locate the matching BitLocker recovery keys that are stored in your Active Directory.
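The Password ID search from Method 2 can also be scripted, which is handy when the BitLocker Recovery Password Viewer feature is not installed. The following is an added example (not code from the original article): it relies on the fact that each msFVE-RecoveryInformation object is named “<creation timestamp>{<Password ID GUID>}”, so the first 8 characters shown on the recovery screen can be matched against the object name domain-wide. It assumes the ActiveDirectory module (RSAT) is installed and that the account running it can read msFVE-RecoveryPassword, which by default only Domain Admins can.

```powershell
# Added example: PowerShell equivalent of "Find BitLocker recovery password" in ADUC.
Import-Module ActiveDirectory

function Find-BitLockerRecoveryByPasswordId {
    param(
        # First 8 hex characters of the Password ID shown on the BitLocker recovery screen
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$PasswordIdPrefix,

        # Where to search; defaults to the whole domain
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )

    # The recovery object's CN is "<timestamp>{<GUID>}", so a substring match on the
    # opening brace plus the prefix lets the domain controller do the filtering.
    $ldapFilter = "(&(objectClass=msFVE-RecoveryInformation)(cn=*{$PasswordIdPrefix*))"

    Get-ADObject -LDAPFilter $ldapFilter -SearchBase $SearchBase `
                 -Properties 'msFVE-RecoveryPassword', 'whenCreated' |
    ForEach-Object {
        # Extract the full Password ID GUID from between the braces in the name
        $passwordId = if ($_.Name -match '\{([0-9A-Fa-f\-]{36})\}') { $Matches[1] } else { $null }

        # The recovery object is a child of the computer object, so the computer's DN
        # is everything after the first comma of the recovery object's DN.
        $computerDn   = ($_.DistinguishedName -split ',', 2)[1]
        $computerName = $computerDn -replace '^CN=([^,]+),.*$', '$1'

        [pscustomobject]@{
            Computer         = $computerName
            PasswordId       = $passwordId
            Created          = $_.whenCreated
            RecoveryPassword = $_.'msFVE-RecoveryPassword'
        }
    }
}

# Usage: the recovery screen reads "Key ID: 063EA4E1" (constructed sample value);
# several machines may share a prefix, so confirm Computer and Created before use.
Find-BitLockerRecoveryByPasswordId -PasswordIdPrefix '063EA4E1' | Format-List
```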

Method 3: Locate BitLocker Recovery Key in Azure AD

Once the BitLocker recovery key is backed up to Azure AD, users can find their own keys in the Profile section after signing in at https://account.activedirectory.windowsazure.com/profile/. Administrators can sign in at https://account.activedirectory.windowsazure.com/n/#/devices, select the appropriate device, and click View Details to get the BitLocker recovery key.