Looking on some feedback as to how to Setup Bitlocker in a GPO so that I can reset or relay a forgotten pin from AD to a client without touching their workstation.
--please don't forget to Accept as answer if the reply is helpful--
Yes, save BitLocker Recovery Keys in Active Directory is a command way for system admin to manage BitLocker recovery key or other information when user forget them.
The following type of information is stored in AD DS
Hash of the TPM owner password
BitLocker recovery password
BitLocker key package
Please refer to this guide to configure GPO
Store and Retrieve BitLocker Recovery Keys from Active Directory
If the Answer is helpful, please click "Accept Answer" and upvote it.
Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
6 people are following this question.