Use this procedure when you get the BitLocker error "Group Policy is preventing BitLocker key from being stored in AD".

1) Go to the Start menu and type in gpedit.msc. Right-click and run as administrator.
2) Type in your admin credentials and click OK.
3) Go to Computer Configuration → Administrative Templates → Windows Components → BitLocker Drive Encryption. Double-click on “Store BitLocker recovery information in Active Directory Domain Services”.
4) Enable the policy, and click OK.
5) Close the Group Policy Editor.

1) Open an elevated command prompt.
2) Run this command to get the ID:
   manage-bde -protectors -get c:
3) Right-click in the window, and click “Mark”.
4) Under Numerical Password, click on the starting { bracket and drag your mouse to the ending bracket }. Hit Enter on your keyboard to copy to your clipboard.
5) Run this command to push the BitLocker key to AD, where the {ID} portion is the ID that you just copied to the clipboard:
   manage-bde -protectors -adbackup c: -id {ID}
   a. Example: manage-bde -protectors -adbackup c: -id {DFB478E6-8B3F-4DCA-9576-C1905B49C71E}
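
The same lookup and backup in PowerShell, as an added example that is not part of the original post: it uses the BitLocker module cmdlets Get-BitLockerVolume and Backup-BitLockerKeyProtector instead of manage-bde, so the ID does not have to be copied by hand. It assumes an elevated session, a domain-joined machine, and the C: volume; the $MountPoint parameter name is chosen here for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: back up every Numerical Password protector on a volume to AD DS.
param(
    [string]$MountPoint = 'C:'   # assumption: the same volume used in the steps above
)

# Fails here (and stops) if the volume does not exist or BitLocker is unavailable.
$volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

# What manage-bde lists as "Numerical Password" appears here as
# KeyProtectorType 'RecoveryPassword'. A volume can carry more than one.
$protectors = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

if ($protectors.Count -eq 0) {
    throw "No Numerical Password protector found on $MountPoint; nothing to back up."
}

foreach ($p in $protectors) {
    try {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null

        # Log only the protector ID, never the 48-digit recovery password itself.
        Write-Output "Backed up protector $($p.KeyProtectorId) to AD DS."
    }
    catch {
        # Typical causes: the Group Policy setting is still blocking the backup,
        # or no domain controller is reachable.
        Write-Error "Backup of $($p.KeyProtectorId) failed: $($_.Exception.Message)"
    }
}
```

If the backup still fails after enabling the policy, run gpupdate /force in the elevated prompt and try again so the new setting is applied.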