Home > Questions

Unable to save the BitLocker recovery key to Active Directory, what should I do?

We're trying to deploy BitLocker for an org and are having an issue where some computers fail to back up the BitLocker recovery key to AD and, consequently, do not encrypt the hard drives. The weirdest thing is that only SOME of the computers fail to back up the key. Others are just fine. Any ideas what can be happening and what can I do?

Best Answered by

iBoysoft author Ciki Liu

Ciki Liu

Answered on Wednesday, May 31, 2023

 

In your case, you should check if the BitLocker Group Policy settings are applied to those two faulty computers. It's highly likely the GPO configurations are partially wrong or not applied to them at all. You can then fix the GPO settings not applying issue and that should solve your issue.

Most of the Group Policy settings work well when BitLocker is initially enabled on a drive. However, if the computer doesn't comply with current Group Policy settings, BitLocker can be disabled or turned off. The scenarios can include what you've mentioned in the post, such as being unable to back up the BitLocker recovery key in AD, and consequently not encrypting the computer.

To view your GPO settings with the gpresult command, you can follow the steps below for a more detailed guide.

Step 1. Click on the Windows Start button and type in command prompt.

Step 2. Select the command prompt program and right-click on it. Choose Run as administrator.

Step 3. Type in the following command to view your Group Policy Settings.

gpresult/r

Step 4. You can see from the results whether the BitLocker GPO is applied. If it does, you should double-check by running the command below.

gpresult/h

If you find none of the settings in GPO are there on the bad computers, there are some possible fixes you can try to solve the GPO settings not applying issue besides using the gpupdate /force command.

  • Disable User or Computer Settings in Group Policy Object. 
  • Block Inheritance and Enforcement in Group Policy Link.
  • Use the Group Policy Modelling Wizard.
  • Enable Group Policy Preferences Debug Logging.

If nothing works after trying out all methods mentioned above, you can only manually save and back up the BitLocker recovery key in a safe location.

People Also Ask

Read More Questions

Read More Advice From iBoysoft's Computer Experts

BitLockerオフにする

Windows10でBitLocker暗号化をオフまたは無効化する方法は?

この記事では、Windows 10でBitLocker暗号化を無効にするための5つの方法を紹介します。

bitlocker automatic device encryption

BitLocker Automatic Device Encryption: It Explains Automatically Enabled BitLocker on Windows 10/11

This post elaborates on BitLocker automatic device encryption, including what it is, how it works, how to activate and disable it, etc. And explains why some users found it enabled without knowledge.

Wiki Tips

bitlocker not recognize password or recovery key

BitLocker Password & Recovery Key Not Working, How to Fix?

Here are 6 solutions to unlock BitLocker when the BitLocker password and BitLocker recovery key not working or accepting.

Bitlocker Tips