Home > Questions

Unable to save the BitLocker recovery key to Active Directory

We're trying to deploy BitLocker for an org and are having an issue where some computers fail to back up the BitLocker recovery key to AD and, consequently, do not encrypt the hard drives. The weirdest thing is that only SOME of the computers fail to back up the key. Others are just fine. Any ideas what can be happening and what can I do?

Best Answered by

iBoysoft author Ciki Liu

Ciki Liu

Answered on Monday, April 29, 2024

In your case, you should check if the BitLocker Group Policy settings are applied to those two faulty computers. It's highly likely the GPO configurations are partially wrong or not applied to them at all. You can then fix the GPO settings not applying issue and that should solve your issue.

Most of the Group Policy settings work well when BitLocker is initially enabled on a drive. However, if the computer doesn't comply with current Group Policy settings, BitLocker can be disabled or turned off. The scenarios can include what you've mentioned in the post, such as being unable to back up the BitLocker recovery key in AD, and consequently not encrypting the computer.

To view your GPO settings with the gpresult command, you can follow the steps below for a more detailed guide.

Step 1. Click on the Windows Start button and type in command prompt.

Step 2. Select the command prompt program and right-click on it. Choose Run as administrator.

Step 3. Type in the following command to view your Group Policy Settings.

gpresult/r

Step 4. You can see from the results whether the BitLocker GPO is applied. If it does, you should double-check by running the command below.

gpresult/h

If you find none of the settings in GPO are there on the bad computers, there are some possible fixes you can try to solve the GPO settings not applying issue besides using the gpupdate /force command.

  • Disable User or Computer Settings in Group Policy Object. 
  • Block Inheritance and Enforcement in Group Policy Link.
  • Use the Group Policy Modelling Wizard.
  • Enable Group Policy Preferences Debug Logging.

If nothing works after trying out all methods mentioned above, you can only manually save and back up the BitLocker recovery key in a safe location.

People Also Ask

Read More Questions

Read More Advice From iBoysoft's Computer Experts

Erro 'O parâmetro está incorreto' no BitLocker drive

Corrigido! A unidade BitLocker não está acessível, o parâmetro está incorreto

Este post guia você sobre como corrigir a unidade BitLocker com o parâmetro incorreto. Você pode recuperar arquivos da unidade BitLocker inacessível com o iBoysoft Data Recovery e tornar a unidade utilizável novamente.

recover deleted or lost files from BitLocker drive

Recover Deleted or Lost Files from BitLocker Encrypted Drive

About how to recover deleted or lost files from BitLocker encrypted drive. Tell whether you can recover data from the BitLocker drive without a key.

Bitlocker Tips

desativar bitlocker

Como desativar ou desabilitar a criptografia do BitLocker no Windows 10?

Este artigo irá lhe informar cinco métodos para desabilitar ou desligar a criptografia do BitLocker no Windows 10.