Load BitLocker Recovery Keys to AD Manually

This is how you back up a volume's BitLocker recovery information (the numerical recovery password) to Active Directory manually, which is useful when the automatic backup did not happen, for example because the volume was encrypted before the machine was joined to the domain or before the backup policy was applied.

STEP 1: Get the ID of the Numerical Password protector of the volume. In the example below we are using the C: drive:

manage-bde -protectors -get c:

Example:

Bitlocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.
Volume C: [Old Win7]
All Key Protectors
External Key:
ID: {F12ADB2E-22D5-4420-980C-851407E9EB30}
External Key File Name:
F12ADB2E-22D5-4420-980C-851407E9EB30.BEK

Numerical Password:
ID: {DFB478E6-8B3F-4DCA-9576-C1905B49C71E}
Password:
224631-534171-438834-445973-130867-430507-680922-709896

TPM And PIN:
ID: {EBAFC4D6-D044-4AFB-84E3-26E435067AA5}

In the above result, find the ID and Password of the Numerical Password protector (a volume may have more than one key protector, such as the External Key and TPM And PIN protectors shown here; only the Numerical Password protector holds the recovery password that gets backed up).

STEP 2: Use the Numerical Password protector's ID from STEP 1 to back up the recovery information to AD

In the command below, replace the GUID after -id with the ID of the Numerical Password protector.

manage-bde -protectors -adbackup c: -id {DFB478E6-8B3F-4DCA-9576-C1905B49C71E}

Bitlocker Drive Encryption: Configuration Tool version 6.1.7600
Copyright (C) Microsoft Corporation. All rights reserved.
Recovery information was successfully backed up to Active Directory.

You should now be able to view the recovery information for the volume in Active Directory. If the command reports an error instead, the usual causes are that the machine is not domain-joined, that it cannot reach a domain controller, or that the computer account lacks the permission to write the recovery information to its own object.
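The two steps above as one PowerShell script, an added example that is not part of the original page: it runs manage-bde for STEP 1, parses the output for the ID of every Numerical Password protector, and then runs the STEP 2 backup for each one. It assumes manage-bde.exe is on the PATH and that the domain permissions for the backup are already in place.

```powershell
# Added example (not from the original page): automate STEP 1 and STEP 2 for one volume.
# Assumes manage-bde.exe is on the PATH and that the machine is domain-joined with the
# BitLocker recovery backup permissions already in place.
param(
    [string]$Volume = 'C:'
)

# STEP 1: list the key protectors and capture the output as one string.
$output = & manage-bde -protectors -get $Volume 2>&1 | Out-String
if ($LASTEXITCODE -ne 0) {
    throw "manage-bde failed for ${Volume}:`n$output"
}

# Walk the lines; the ID that follows a "Numerical Password:" heading is the one we need.
# A volume can hold more than one numerical password protector, so collect all of them.
$ids = New-Object System.Collections.Generic.List[string]
$inNumericalPassword = $false
foreach ($line in ($output -split "`r?`n")) {
    $trimmed = $line.Trim()
    if ($trimmed -match '^Numerical Password:$') {
        $inNumericalPassword = $true
        continue
    }
    if ($inNumericalPassword -and $trimmed -match '^ID:\s*(\{[0-9A-Fa-f-]{36}\})$') {
        $ids.Add($Matches[1])
        $inNumericalPassword = $false
    }
    elseif ($trimmed -match ':$' -and $trimmed -notmatch '^(ID|Password):') {
        # Any other protector heading (External Key:, TPM And PIN:, ...) ends the section.
        $inNumericalPassword = $false
    }
}

if ($ids.Count -eq 0) {
    throw "No Numerical Password protector found on $Volume; nothing to back up."
}

# STEP 2: back up each numerical password protector to Active Directory.
foreach ($id in $ids) {
    Write-Host "Backing up recovery information for protector $id on $Volume ..."
    $result = & manage-bde -protectors -adbackup $Volume -id $id 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) {
        Write-Error "AD backup failed for ${id}:`n$result"
    }
    else {
        Write-Host $result.Trim()
    }
}
```

Run it from an elevated PowerShell prompt, for example `.\Backup-BitLockerToAD.ps1 -Volume D:` for another volume (the script name is an assumption).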

Reference: http://technet.microsoft.com/en-us/library/cc771778(WS.10).aspx#BKMK_AppendixA
