If the BitLocker Recovery tab is empty or the PowerShell query returns no results, consider the following troubleshooting steps:
Run the following command, replacing ComputerName with the actual name of the machine: powershell
(the first 8 characters of which are usually displayed on the locked device) to find the corresponding 48-digit password. B. Searching by Recovery ID
Navigate to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption . From here, configure the and Removable Data Drives nodes. For the operating system drives, enable the Enable BitLocker policy and Choose how BitLocker-protected operating system drives can be recovered . Most importantly, enable the policy **Store BitLocker recovery information in Active Directory Domain Services (AD DS)** . You can also choose to store the Recovery Password only or both the Recovery Password and Key Package.
Expand > Feature Administration Tools .
| Issue | Fix | | :--- | :--- | | | You need "Advanced Features" enabled in ADUC (View menu). | | The computer object has no child entries | BitLocker wasn't backed up to AD. Check GPO again. | | The key doesn't work | You grabbed the wrong key. Verify the Key ID on the user’s screen matches the Key ID in AD. | | PowerShell returns nothing | Run as Domain Admin. Also try -Properties * – some attributes are not visible by default. |
If the computer exists in AD but the tab is empty, the key was likely never backed up. You can manually force a backup from the client machine if you still have access to the OS: Command Prompt (Admin) :
The policy " Store BitLocker recovery information in Active Directory Domain Services " must be enabled.
# Replace "12345678" with the first 8 characters of the Recovery Key ID $KeyID = "12345678*" Get-ADObject -Filter "objectClass -eq 'msFVE-RecoveryInformation' -and name -like '$KeyID'" -Properties msFVE-RecoveryPassword | Select-Object Name, DistinquishedName, msFVE-RecoveryPassword Use code with caution. Troubleshooting: Why Can't I Find the Recovery Key?