Good morning!
A perfect storm happened last week. I own a small business and I use Windows AD as well as Intune to store details about my employees and to enforce BitLocker in case something happens to the PCs. In Intune I usually check the BitLocker recovery password, and in AD I check the password of the local admin account that is created upon setup (the password changes via policy afterwards).
What happened was that when creating a new object in Active Directory I made a mistake: when I joined that machine to the domain I gave it the name of an already existing object in AD. Usually an error pops up notifying about this issue, but this time it joined the domain without any warnings. After I realized this mistake I changed the name of the newest machine, but when I searched for the old one in AD, no object had been created. To create the object in AD I simply took the machine out of the domain and was going to rejoin it.
This is where the problem began. After I took it off the domain I only had the local user account "admin" to sign in to the machine, but since its password was stored in AD, I had no access to it, and recovery methods were nonexistent because when I use the "reset password" option it only lets me do it via a "recovery disk", which I assume I would have had to configure previously.
On top of this we have BitLocker, because there are ways to get around the Windows sign-in problem, but only with the disk decrypted. When I went to Intune to check the BitLocker recovery key, it was missing. Every other solution I try requires either the BitLocker recovery key or the local admin password (bear in mind we have the BitLocker PIN), which means I'm locked out of the computer, and it has a lot of important client data that I would really like to save.
The scenario is that I have the BitLocker PIN but I have neither the recovery key nor the password for the local user account. I've tried everything I could find with no success, because each option requires one of these two to be known, so I'm asking: is there something I can do aside from formatting the disk?
Best Regards,
Ricardo Neves
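Editor's note, added here and not part of the original post: the step that cost the poster access was removing a machine from the domain before confirming that both recovery secrets (the BitLocker recovery password and the managed local admin password) were actually retrievable. The pre-flight check below is an added example, not code from the poster. It assumes it runs elevated on the Windows client while it is still domain joined, that the OS volume is C:, and that the built-in BitLocker module is available; the cmdlets used are Get-BitLockerVolume, Add-BitLockerKeyProtector, Backup-BitLockerKeyProtector and BackupToAAD-BitLockerKeyProtector. If the local admin password is managed by LAPS, retrieve it from AD at the same time and store it alongside the recovery password before the disjoin.

```powershell
# Added example, not part of the original post. Assumes: elevated PowerShell on
# the client before it leaves the domain, OS volume is C:, BitLocker module present.

$MountPoint = "C:"
$vol = Get-BitLockerVolume -MountPoint $MountPoint

"Volume {0}: status={1}, protection={2}" -f $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus

# Show every key protector. A TPM+PIN protector alone cannot recover the disk;
# there must also be a RecoveryPassword (48-digit) protector.
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId, RecoveryPassword -AutoSize

$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    # No numerical recovery password exists yet: add one before doing anything else.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

foreach ($rp in $recovery) {
    # Print the password so it can also be stored offline (e.g. a password
    # manager) as a last resort, then escrow it to both directories.
    "Recovery password {0}: {1}" -f $rp.KeyProtectorId, $rp.RecoveryPassword

    # Escrow to Azure AD / Intune (the device must be Azure AD joined or hybrid
    # joined); afterwards the key appears under the device object in Intune.
    try {
        BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
        "  escrowed to Azure AD"
    } catch {
        "  Azure AD escrow failed: $($_.Exception.Message)"
    }

    # Escrow to on-premises AD DS (requires the domain join to still be in
    # place and the BitLocker recovery schema/policy in AD).
    try {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
        "  escrowed to Active Directory"
    } catch {
        "  AD DS escrow failed: $($_.Exception.Message)"
    }
}
```

Only remove the machine from the domain once the printed recovery password has been confirmed in Intune (or in the computer object's BitLocker recovery information in AD) and the managed local admin password has been retrieved; after the disjoin, neither directory will accept a new escrow from that machine.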