RicardoNeves-5372 asked JarvisSun-MSFT commented

Locked out of a machine - BitLocker + Windows Sign In

Good morning!

A perfect storm was made last week. I own a small business and I use Windows AD as well as Intune to store details from my employees and enforce using BitLocker in case something happens to the PCs. On Intune, I usually check for the BitLocker recovery password and on AD I check for a password of the local admin account that is created upon setup (password changes via policy afterwards).

What happened was that upon a creation of a new object in the Active Directory I made a mistake and when I joined that machine to the domain I gave it the name of an already existing object in the AD. Usually an error pops up notifying about this issue but this time it joined the domain without any warnings. After I realized this mistake I changed the name of the newest machine but when I searched the old one on AD, there was no object created. To create the object on AD I simply took the machine out of the domain and was going to reconnect it to the domain.

This is where the problem began. After I took it from the domain I only had that local user account "admin" to sign in to the machine but since its password was stored on AD, I had no access to it and recovery methods were nonexistent because when I use the "reset password" option, it only allows me to do it via "recovery disk" which I assume I had to configure previously.

To add to this issue we have BitLocker, because there are ways to overcome the problem of the Windows sign-in but with the disk decrypted. When I went to Intune to check on the recovery key of BitLocker, it was missing. Every other solution I try either requires the BitLocker recovery key or the local admin password (bear in mind we have the BitLocker PIN) which means that I'm locked out of the computer and it has a lot of important data of a client that I would really like to save.

Scenario is that I have the BitLocker PIN but I don't have the recovery key nor the password for the local user account. I've tried everything I could find and no success because each option requires that one of these 2 is known, so I'm asking, is there something I can do aside from formatting the disk?

Best Regards,

Ricardo Neves

Tags: windows-active-directory, mem-intune-general

@RicardoNeves-5372 Thanks for posting in our Q&A.
For our issue, could you please confirm whether the BitLocker recovery key is stored in the Azure AD portal? We can check the device information in the Azure AD portal to see if it is there.
If it is stored in AD, since there is no local administrator password to enter the system, there is no official way to get it. Thanks for your understanding.

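The root cause in this thread is a recovery key that was never escrowed, so it was missing from Intune when it was needed. The following PowerShell is an added example (not from the thread or from Microsoft) of the check a defender would run on each managed device before unjoining or renaming it: it confirms every protected volume has a numeric recovery-password protector and escrows it to Azure AD and, when the machine is domain-joined, to AD DS. It assumes the built-in BitLocker module (Windows 10 1809 or later), an elevated prompt, and that the device is Azure AD joined or registered so the Azure AD backup can succeed.

```powershell
# Added example: verify and escrow BitLocker recovery passwords.
# Assumes the Windows BitLocker module and an elevated session.
Import-Module BitLocker

foreach ($vol in Get-BitLockerVolume) {
    $mp = $vol.MountPoint
    if ($vol.ProtectionStatus -ne 'On') {
        Write-Warning "$mp : BitLocker protection is not on; skipping"
        continue
    }

    # Only RecoveryPassword protectors (the 48-digit key) can be escrowed.
    $rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $rp) {
        # A PIN/TPM-only volume has nothing to escrow: add a recovery password first.
        Write-Warning "$mp : no RecoveryPassword protector found, adding one"
        Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $mp).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword'
    }

    $domainJoined = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
    foreach ($p in $rp) {
        # Escrow to Azure AD so the key shows up under the device in Intune / Azure AD.
        BackupToAAD-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $p.KeyProtectorId
        # Also escrow to on-premises AD DS while the machine is still domain-joined.
        if ($domainJoined) {
            Backup-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $p.KeyProtectorId
        }
        "$mp : escrowed recovery password protector $($p.KeyProtectorId)"
    }
}
```

After running it, confirm the key actually appears on the device's page in the Azure AD portal (the check the Microsoft reply above asks for) before removing the machine from the domain.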

@RicardoNeves-5372 How are things going on? We are waiting to see if our problem is resolved. If there is any update, please feel free to let us know.

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Answers