
This article for IT professionals describes how to recover BitLocker keys from AD DS.

Organizations can use BitLocker recovery information saved in Active Directory Domain Services (AD DS) to access BitLocker-protected data. Creating a recovery model for BitLocker while you are planning your BitLocker deployment is recommended.

This article assumes that you understand how to set up AD DS to back up BitLocker recovery information automatically, and what types of recovery information are saved to AD DS.

This article does not detail how to configure AD DS to store the BitLocker recovery information.

What is BitLocker recovery?

BitLocker recovery is the process by which you can restore access to a BitLocker-protected drive in the event that you cannot unlock the drive normally. In a recovery scenario, you have the following options to restore access to the drive:

The user can supply the recovery password. If your organization allows users to print or store recovery passwords, the user can type in the 48-digit recovery password that they printed or stored on a USB drive or with your Microsoft Account online. (Saving a recovery password with your Microsoft Account online is only allowed when BitLocker is used on a PC that is not a member of a domain).

A data recovery agent can use their credentials to unlock the drive. If the drive is an operating system drive, the drive must be mounted as a data drive on another computer for the data recovery agent to unlock it.

A domain administrator can obtain the recovery password from AD DS and use it to unlock the drive. Storing recovery passwords in AD DS is recommended to provide a way for IT professionals to be able to obtain recovery passwords for drives in their organization if needed.
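For the AD DS option, the lookup a domain administrator performs can be scripted. The following is an added example, not part of the original article: it assumes the ActiveDirectory PowerShell module (RSAT) is installed and that recovery objects keep their default naming; the function name `Get-BitLockerRecoveryFromAD` and the sample values are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

function Get-BitLockerRecoveryFromAD {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName,

        # Optional: first 8 hex characters of the key ID the user reads
        # from the recovery screen, used to pick the matching record.
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$KeyIdPrefix
    )

    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Recovery information is stored as msFVE-RecoveryInformation child
    # objects underneath the computer object.
    $records = Get-ADObject -SearchBase $computer.DistinguishedName `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
        -Properties 'msFVE-RecoveryPassword', 'whenCreated'

    if (-not $records) {
        Write-Warning "No recovery information returned for $ComputerName. Either none was backed up or this account cannot read it."
        return
    }

    $results = foreach ($r in $records) {
        # Assumption: default object naming, "<timestamp>{<key ID GUID>}".
        $keyId = if ($r.Name -match '\{([0-9A-Fa-f-]{36})\}') { $Matches[1] } else { $null }
        [pscustomobject]@{
            Computer         = $computer.Name
            KeyId            = $keyId
            Created          = $r.whenCreated
            RecoveryPassword = $r.'msFVE-RecoveryPassword'
        }
    }

    if ($PSBoundParameters.ContainsKey('KeyIdPrefix')) {
        $results = $results | Where-Object { $_.KeyId -like "$KeyIdPrefix*" }
    }

    # A computer can hold several records (multiple drives, or a protector
    # that was replaced), so return the newest first.
    $results | Sort-Object Created -Descending
}

# Constructed example values:
# Get-BitLockerRecoveryFromAD -ComputerName 'LAPTOP-EXAMPLE01' -KeyIdPrefix '1A2B3C4D'
```

Treat the returned recovery password as a secret: keep it out of session transcripts and ticket text, and hand it to the user over a verified channel.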