Strange Behavior on Writing Bitlocker key to AD

bitlocker windows 7 active directory




#1 NobleComputing


Posted 29 February 2016 - 09:45 PM

The writing of the BitLocker key to AD has been working flawlessly... until we started receiving machines with SSD drives in them. The task sequence works flawlessly with no errors. The problem is the BitLocker recovery tab within AD is empty. I can run the manual way (https://blogs.techne...n-in-windows-7/ ) and it will input the data into AD, but I do not want to have to do this :)

 

The real strange thing is if I remove the machine from AD, and reimage it, the key properly registers itself within AD.  Only on the second pass will it work?





#2 ranmojo


Posted 31 December 2016 - 03:04 AM

I had similar issues, the BDE recovery key would inconsistently be written to AD (usually not at all). You were _very close_ with the link you pasted. Yes, it has manual steps in the discussion but there is a lead-up to an automated script at the bottom, it's a link - look carefully for it below the authors' signatures: "BDEAdBackup.vbs"

 

I've tried this script by inserting it as a new command line task in my sequence toward the very bottom, after I've already enabled BitLocker. If you do it too fast there may not be key data ready to write to AD. In my case, it solved the issue.

 

I usually kick it off by running:   cscript.exe %SCRIPTROOT%\Custom\BDEAdBackup.vbs

 

Original blog post with that script link is: https://blogs.techne...n-in-windows-7/

 

Your mileage may vary. Good luck.
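
An added example, not part of the original posts and not the linked BDEAdBackup.vbs script: a PowerShell step that waits until a recovery password protector actually exists before backing it up to AD, and fails the step visibly if the backup does not succeed. It assumes the OS volume is C:, an elevated context, English `manage-bde` output, and illustrative retry values.

```powershell
# Added example: wait for the BitLocker recovery password protector,
# then escrow it to AD with manage-bde. Assumptions (not from the thread):
# volume C:, elevated context, English manage-bde output, retry values below.
$Volume   = 'C:'
$MaxTries = 10      # illustrative
$DelaySec = 30      # illustrative

function Get-RecoveryProtectorIds {
    param([string[]]$ManageBdeOutput)
    # manage-bde lists each protector as "ID: {GUID}"
    $ids = @()
    foreach ($line in $ManageBdeOutput) {
        if ($line -match 'ID:\s*(\{[0-9A-Fa-f-]{36}\})') { $ids += $Matches[1] }
    }
    return $ids
}

$ids = @()
for ($i = 1; $i -le $MaxTries; $i++) {
    $out = & manage-bde.exe -protectors -get $Volume -type RecoveryPassword 2>&1
    $ids = @(Get-RecoveryProtectorIds ($out | ForEach-Object { "$_" }))
    if ($ids.Count -gt 0) { break }
    Write-Output "No recovery password protector yet (attempt $i of $MaxTries)"
    Start-Sleep -Seconds $DelaySec
}

if ($ids.Count -eq 0) {
    Write-Error "No recovery password protector found on $Volume"
    exit 1
}

# Back up every recovery password protector; count failures so the
# task sequence step returns non-zero instead of passing silently.
$failed = 0
foreach ($id in $ids) {
    & manage-bde.exe -protectors -adbackup $Volume -id $id
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "AD backup failed for protector $id"
        $failed++
    }
}
exit $failed
```

A non-zero exit code makes a missing escrow show up as a failed step rather than an empty recovery tab discovered later.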






