BitLocker and Active Directory on Windows Vista\2008


This post shares some information about BitLocker and storing the recovery keys in Active Directory (AD) on Windows Vista and Windows Server 2008. What is actually created in AD? What happens when I decrypt a drive and re-encrypt it? What about additional drives? What if the drive was encrypted before I implemented the Group Policy to copy the recovery information to AD?

Group Policy is required to configure a client to send the BitLocker recovery information to Active Directory. To set this up, please take a look at Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information. A key point to remember is that it needs to be done before encrypting any drives. If a drive is encrypted before the policy is applied to the computer, it will not upload the BitLocker recovery information to AD. The only solution currently is to decrypt and then re-encrypt the drive after the policy is applied.
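Because a drive encrypted before the policy reached the machine silently ends up with no key in AD, the practical follow-up is an audit of which computer objects actually have recovery information beneath them. The script below is an added example and is not from the original post; it uses the .NET System.DirectoryServices classes available on Vista-era PowerShell rather than the later ActiveDirectory module, and the OU distinguished name is a placeholder you must replace. It only checks for the presence of msFVE-RecoveryInformation child objects and their volume GUIDs; it deliberately never reads the msFVE-RecoveryPassword attribute.

```powershell
# Added audit example (not from the original post). Assumes only
# System.DirectoryServices, so it runs on Vista / Server 2008 PowerShell.
# For every computer under $SearchBase, report how many
# msFVE-RecoveryInformation objects exist beneath it. A computer with
# zero objects either has no BitLocker volume or was encrypted before the
# backup policy applied, and should be checked by hand.
param(
    # Placeholder DN: replace with the OU that holds your BitLocker clients.
    [string]$SearchBase = "LDAP://OU=Laptops,DC=example,DC=com"
)

$root = New-Object System.DirectoryServices.DirectoryEntry($SearchBase)
$computerSearcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$computerSearcher.Filter = "(objectCategory=computer)"
$computerSearcher.PageSize = 500
$null = $computerSearcher.PropertiesToLoad.Add("distinguishedName")
$null = $computerSearcher.PropertiesToLoad.Add("name")

foreach ($computer in $computerSearcher.FindAll()) {
    $dn   = [string]$computer.Properties["distinguishedname"][0]
    $name = [string]$computer.Properties["name"][0]

    # Recovery information objects are created as children of the computer
    # object, so search one level below it.
    $computerEntry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dn")
    $keySearcher = New-Object System.DirectoryServices.DirectorySearcher($computerEntry)
    $keySearcher.Filter = "(objectClass=msFVE-RecoveryInformation)"
    $keySearcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $null = $keySearcher.PropertiesToLoad.Add("msFVE-VolumeGuid")
    $null = $keySearcher.PropertiesToLoad.Add("whenCreated")

    $volumes = @()
    foreach ($key in $keySearcher.FindAll()) {
        # msFVE-VolumeGuid is stored as an octet string; convert it to a GUID
        # so you can match it against the volume shown by manage-bde on the client.
        $guidBytes = $key.Properties["msfve-volumeguid"][0]
        $volumeGuid = New-Object System.Guid(,[byte[]]$guidBytes)
        $volumes += "$volumeGuid (backed up $($key.Properties['whencreated'][0]))"
    }

    New-Object PSObject -Property @{
        Computer        = $name
        RecoveryObjects = $volumes.Count
        Volumes         = ($volumes -join "; ")
        Status          = if ($volumes.Count -gt 0) { "OK" } else { "NO KEY IN AD - verify" }
    }
}
```

Run it as an account that can read the computer objects in the OU; listing the child objects does not require the extra permission needed to read the recovery password itself. Computers reported with no key in AD are the ones the post is warning about, and for those the only remedy the post gives is to decrypt and re-encrypt after the policy has applied.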

Full article: Directory Service blog