BitLocker Recovery Key Active Directory Link File
AD allows granular delegation. You can grant the Help Desk "Read" access to recovery keys without giving them domain admin privileges. Standard users cannot view their own recovery keys, and auditors can track who accessed which key via native AD logs.
The data is stored in two hidden attributes on the computer object:
When a computer is joined to a domain and BitLocker is enabled (usually via Group Policy), the client computer generates a recovery key. If configured correctly, the computer attempts to back up this key to the computer object in Active Directory.
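Because the backup described above is only attempted, it is worth checking that each machine's key actually reached the directory. The following PowerShell audit is an added example, not code from the original page. It assumes the ActiveDirectory RSAT module, the standard AD schema in which each backed-up recovery password is an msFVE-RecoveryInformation child object beneath the computer object, and a hypothetical OU path.

```powershell
# Added example: report domain computers that have no BitLocker recovery
# information escrowed in Active Directory.
Import-Module ActiveDirectory

# Assumption: hypothetical OU; replace with the OU that holds your workstations.
$SearchBase = 'OU=Workstations,DC=example,DC=com'

$report = foreach ($computer in Get-ADComputer -Filter * -SearchBase $SearchBase) {
    # Look only at direct children of the computer object. Each backed-up
    # recovery password is one msFVE-RecoveryInformation object.
    # The recovery password attribute itself is deliberately NOT requested:
    # the audit needs to know that a key exists, not what it is.
    $recovery = @(Get-ADObject -SearchBase $computer.DistinguishedName `
        -SearchScope OneLevel `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties whenCreated)

    $latest = $recovery | Sort-Object whenCreated -Descending | Select-Object -First 1

    [pscustomobject]@{
        Computer     = $computer.Name
        KeysInAD     = $recovery.Count
        LatestBackup = if ($latest) { $latest.whenCreated } else { $null }
    }
}

# Machines with no escrowed key need the backup re-run or the policy checked.
$report | Where-Object KeysInAD -eq 0 | Sort-Object Computer | Format-Table -AutoSize
```

Run it under an account that has been delegated read access to the recovery objects; an account without that access sees no child objects, so every machine would be reported as having no key.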