BitLocker not saving key to AD: We have the solution

By: Madeleine Dean


BitLocker is a built-in full disk encryption feature available on Windows 7, 8.1 and Windows 10. This tool allows users to protect data by encrypting the whole disk or only individual sectors.

When using BitLocker, it’s extremely important to save the recovery information in Active Directory. To do this, you need to enable a policy called “Store BitLocker recovery information in Active Directory Domain Services”.

However, sometimes BitLocker fails to save the key to AD. This is a very annoying situation, since it leaves the affected machines with the drive locked and users without access to the recovery passwords.

To avoid such situations, follow the instructions listed below to make sure that BitLocker saves your recovery keys to AD.

How to back up the BitLocker recovery key to AD

1. Make sure the Group Policy setting to save the key to AD is enabled

  1. Navigate to this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
  2. To allow backup of recovery information, make sure that the values listed below are available:
    1. OSActiveDirectoryBackup should be set to 1
    2. FDVActiveDirectoryBackup should be set to 1
    3. RDVActiveDirectoryBackup should be set to 1

Also, make sure that the client is a member of the OU and the BitLocker group policies apply to the respective OU.

2. Get the ID for the numerical password protector

To do this, you need to open an elevated Command Prompt, enter the following command and hit Enter: manage-bde -protectors -get c:



In the example above, the C: drive is used. Of course, you need to replace the C: with the letter of the drive that you use.

Once you hit Enter, a list will appear in CMD and there you will find an ID and password for the Numerical Password protector.

3. Back up recovery information to AD

To back up the recovery information to AD, enter this command: manage-bde -protectors -adbackup c: -id {…}

Replace the dots in the brackets with the ID of the Numerical Password protector that you obtained in step 2.

The recovery information for the volume should now be visible in Active Directory.
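The three steps above can also be run as one PowerShell script. This is an added example, not code from the original article: it uses the built-in Get-BitLockerVolume and Backup-BitLockerKeyProtector cmdlets in place of manage-bde, and the $MountPoint parameter with its default of C: is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: checks the AD backup policy, finds the numerical password
# protector and backs it up to AD. Run from an elevated PowerShell session.
param([string]$MountPoint = 'C:')   # assumption: the volume to back up

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$required  = 'OSActiveDirectoryBackup', 'FDVActiveDirectoryBackup', 'RDVActiveDirectoryBackup'

# Step 1: the three policy values from the article must exist and equal 1.
$policy  = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$missing = foreach ($name in $required) {
    if ($null -eq $policy -or $policy.$name -ne 1) { $name }
}
if ($missing) {
    Write-Error "AD backup policy not enabled for: $($missing -join ', '). Check that the BitLocker GPO applies to this computer's OU."
    exit 1
}

# Step 2: find the numerical password protector(s) on the volume.
# Only the protector ID is used; the 48-digit password is never printed.
$volume     = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
$protectors = @($volume.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($protectors.Count -eq 0) {
    Write-Error "No numerical password protector found on $MountPoint, so there is nothing to back up."
    exit 1
}

# Step 3: back up each protector to AD and report per-protector results.
$failed = $false
foreach ($p in $protectors) {
    try {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
        Write-Output "Backed up protector $($p.KeyProtectorId) on $MountPoint to AD."
    } catch {
        Write-Error "Backup failed for $($p.KeyProtectorId): $($_.Exception.Message)"
        $failed = $true
    }
}
if ($failed) { exit 1 }
```

A non-zero exit code means the key is not confirmed in AD, so the script can gate a deployment task that should not finish until the backup succeeds.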

We hope this helps. Also, if you found other solutions to enable BitLocker key saving to AD or fix BitLocker key backup issues, use the comments below to let us know.
