Strange Behavior on Writing Bitlocker key to AD

bitlocker windows 7 active directory


#1 NobleComputing




Posted 29 February 2016 - 09:45 PM

The writing of the Bitlocker key to AD has been working flawlessly... until we started receiving machines with SSD drives in them. The task sequence works flawlessly with no errors. The problem is the Bitlocker recovery tab within AD is empty. I can run the manual way (https://blogs.techne...n-in-windows-7/ ) and it will input the data into AD, but I do not want to have to do this :)


The real strange thing is if I remove the machine from AD, and reimage it, the key properly registers itself within AD.  Only on the second pass will it work?

#2 ranmojo




Posted 31 December 2016 - 03:04 AM

I had similar issues, the BDE recovery key would inconsistently be written to AD (usually not at all). You were _very close_ with the link you pasted. Yes, it has manual steps in the discussion but there is a lead-up to an automated script at the bottom, it's a link - look carefully for it below the authors' signatures: "BDEAdBackup.vbs"


I've tried this script by inserting it as a new command line task in my sequence toward the very bottom, after I've already enabled BitLocker. If you do it too fast there may not be key data ready to write to AD. In my case, it solved the issue.


I usually kick it off by running:   cscript.exe %SCRIPTROOT%\Custom\BDEAdBackup.vbs


Original blog post with that script link is: https://blogs.techne...n-in-windows-7/


Your mileage may vary. Good luck.
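
The approach described in the reply above (back up the key late in the sequence, once the protector actually exists), as an added example that is not part of the thread and is not the BDEAdBackup.vbs script. It is a PowerShell 2.0-compatible wrapper around `manage-bde`; the retry defaults and the reliance on English `manage-bde` output are assumptions.

```powershell
# Added example: wait for a recovery-password protector, then back it up to AD.
# Assumes English manage-bde output and an elevated context (for example a
# task sequence command line step in the full OS, after BitLocker is enabled).
param(
    [string]$Drive = 'C:',
    [int]$MaxAttempts = 10,     # constructed defaults; tune for your hardware
    [int]$DelaySeconds = 15
)

function Get-RecoveryPasswordIds([string]$Volume) {
    # List only numerical-password protectors and extract their {GUID} IDs.
    $out = & manage-bde.exe -protectors -get $Volume -Type RecoveryPassword 2>&1
    $ids = @()
    foreach ($line in $out) {
        if ("$line" -match 'ID:\s*(\{[0-9A-Fa-f-]{36}\})') { $ids += $Matches[1] }
    }
    return ,$ids
}

# Running the backup too early finds no key data, so poll until a protector exists.
$ids = @()
for ($i = 1; $i -le $MaxAttempts; $i++) {
    $ids = Get-RecoveryPasswordIds $Drive
    if ($ids.Count -gt 0) { break }
    Write-Output "Attempt ${i}: no recovery password protector on $Drive yet, waiting..."
    Start-Sleep -Seconds $DelaySeconds
}
if ($ids.Count -eq 0) {
    Write-Output "No recovery password protector found on $Drive; nothing to back up."
    exit 1
}

$failed = 0
foreach ($id in $ids) {
    & manage-bde.exe -protectors -adbackup $Drive -id $id | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Output "AD backup failed for protector $id (exit code $LASTEXITCODE)."
        $failed++
    } else {
        # Only the protector ID is logged, never the recovery password itself.
        Write-Output "Protector $id backed up to AD."
    }
}
# A non-zero exit fails the step instead of silently leaving the AD recovery tab empty.
exit $failed
```

Because the step exits non-zero when the backup does not succeed, a machine cannot finish imaging as "successful" while its recovery key is missing from AD.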
