![]() ![]() If we are only talking a handfull of machines this could be done manually but what if you have 1000 of machines. You can now use the Bitlocker Recovery Password Viewer for Active Directory tool and verify that the Bitlocker recovery password was successfully backed up to the “new” Active Directory domain. When we have the protector IDs we can use the following command to backup the Bitlocker recovery information to Active Directory: manage-bde –protectors –adbackup C: –id In an elevated command-prompt type: manage-bde –protectors –get C: It is included with Windows 7 and can be found %systemdrive%\Windows\System32 folder.įirst we need to get the ID for the key protectors. ![]() In order to get the Bitlocker recovery password backed up to the new Active Directory domain we need to use the manage-bde.exe command-line. When you migrate the computer account of a Bitlocker enabled machine to another domain using Active Directory Migratíon Tool 3.2 (ADMT 3.2), the Bitlocker recovery password will NOT automatically be backed up to Active Directory but the TPM owner password will. When you unjoin a Bitlocker enabled machine from one domain and join it to another domain, the Bitlocker recovery password and the TPM owner password hash will NOT automatically be backed up to Active Directory.ģ. When you join the stand-alone machine which already had Bitlocker enabled to a domain, the Bitlocker recovery password and the TPM owner password hash will NOT automatically be backed up to Active Directory.Ģ. This is setup for both the old domain (source) and the new domain (target).ġ. You have already prepared your environment for Bitlocker so that Bitlocker recovery passwords and TPM owner password hashes are backup to Active Directory. Okay – let´s set up a few ground rules for this this. You migrate the computer account of a Bitlocker enabled machine to another domain using Active Directory Migratíon Tool 3.2 (ADMT 3.2) ![]() ![]() You unjoin a Bitlocker enabled machine from one domain and join it to another domain, which could be a domain in the same forest or another forest.ģ. You join a stand-alone machine which already had Bitlocker enabled before the domain-joinĢ. In the SCCM Admins guide to preparing your environment for Bitlocker Drive Encryption post series, I walked you through how to prepare your environment for Bitlocker in order to enable the backup of the Bitlocker recovery password and the TPM owner password hash, to Active Directory.ġ. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |