Home > Questions

Unable to save the BitLocker recovery key to Active Directory

We're trying to deploy BitLocker for an org and are having an issue where some computers fail to back up the BitLocker recovery key to AD and, consequently, do not encrypt the hard drives. The weirdest thing is that only SOME of the computers fail to back up the key. Others are just fine. Any ideas what can be happening and what can I do?

Best Answered by

iBoysoft author Ciki Liu

Ciki Liu

Answered on Wednesday, November 22, 2023

In your case, you should check if the BitLocker Group Policy settings are applied to those two faulty computers. It's highly likely the GPO configurations are partially wrong or not applied to them at all. You can then fix the GPO settings not applying issue and that should solve your issue.

Most of the Group Policy settings work well when BitLocker is initially enabled on a drive. However, if the computer doesn't comply with current Group Policy settings, BitLocker can be disabled or turned off. The scenarios can include what you've mentioned in the post, such as being unable to back up the BitLocker recovery key in AD, and consequently not encrypting the computer.

To view your GPO settings with the gpresult command, you can follow the steps below for a more detailed guide.

Step 1. Click on the Windows Start button and type in command prompt.

Step 2. Select the command prompt program and right-click on it. Choose Run as administrator.

Step 3. Type in the following command to view your Group Policy Settings.


Step 4. You can see from the results whether the BitLocker GPO is applied. If it does, you should double-check by running the command below.


If you find none of the settings in GPO are there on the bad computers, there are some possible fixes you can try to solve the GPO settings not applying issue besides using the gpupdate /force command.

  • Disable User or Computer Settings in Group Policy Object. 
  • Block Inheritance and Enforcement in Group Policy Link.
  • Use the Group Policy Modelling Wizard.
  • Enable Group Policy Preferences Debug Logging.

If nothing works after trying out all methods mentioned above, you can only manually save and back up the BitLocker recovery key in a safe location.

People Also Ask

Read More Questions

Read More Advice From iBoysoft's Computer Experts

como criptografar um USB no Mac e Windows

Como Criptografar um USB para Mac & Windows 11/10?

Como criptografar e proteger com senha um USB para ambos Mac e Windows 11/10? Este guia explica os detalhes e apresenta o melhor software de criptografia de USB.



この記事では、Windows 10でBitLockerの暗号化を無効にするための5つの方法を紹介します。

bitlocker drive the parameter is incorrect

Fixed! BitLocker Drive Is Not Accessible the Parameter Is Incorrect

This post guides you on how to fix BitLocker drive the parameter is incorrect. You can get files off from the inaccessible BitLocker drive with iBoysoft Data Recovery and make the drive usable again.

How to Tips