BitLocker Recovery Password Backup

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Recovery information for Windows BitLocker Drive Encryption (BitLocker) can be automatically backed up to Active Directory Domain Services (AD DS). Recovery information for BitLocker includes the recovery password for each BitLocker-enabled volume, and the information required to identify which computers and volumes the recovery information applies to.

You can also configure systems to back up a binary package containing the actual keying information in an encrypted form. Recovery information is not backed up by default, but administrators can configure backup by using Group Policy settings. For more information, see "Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information" (


Event ID Source Message



BitLocker Drive Encryption recovery information was backed up successfully to Active Directory Domain Services.
Protector GUID: %1
Volume GUID: %2



Failed to backup BitLocker Drive Encryption recovery information to Active Directory Domain Services.
Errorcode: %2
Protector GUID: %1
Volume GUID: %3
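The two messages above can be used to find volumes whose recovery information never reached AD DS. The following is an added example, not Microsoft code: it parses rendered event messages and reports each volume and protector pair whose most recent backup attempt failed. The function names, the (timestamp, message) input shape, the GUIDs and the error code are constructed for illustration.

```python
import re

def guid(name):
    # GUIDs may be rendered with or without surrounding braces.
    return r"\{?(?P<" + name + r">[0-9A-Fa-f-]{36})\}?"

# Patterns follow the message templates on this page; %N fields become groups.
SUCCESS = re.compile(
    r"backed up successfully to Active Directory Domain Services\.\s*"
    r"Protector GUID:\s*" + guid("protector") + r"\s*Volume GUID:\s*" + guid("volume"))
FAILURE = re.compile(
    r"Failed to backup BitLocker Drive Encryption recovery information to "
    r"Active Directory Domain Services\.\s*Errorcode:\s*(?P<error>\S+)\s*"
    r"Protector GUID:\s*" + guid("protector") + r"\s*Volume GUID:\s*" + guid("volume"))

def parse_event(message):
    """Return the parsed fields of a backup event, or None for other text."""
    for status, pattern in (("ok", SUCCESS), ("failed", FAILURE)):
        m = pattern.search(message)
        if m:
            rec = {k: v.lower() for k, v in m.groupdict().items()}
            rec["status"] = status
            return rec
    return None

def pending_backups(events):
    """events: iterable of (ISO timestamp, message). A later success for the
    same volume and protector clears an earlier failure."""
    latest = {}
    for ts, msg in sorted(events):
        rec = parse_event(msg)
        if rec:
            rec["time"] = ts
            latest[(rec["volume"], rec["protector"])] = rec
    return [r for r in latest.values() if r["status"] == "failed"]

# Constructed sample input (not real log data).
P1, V1 = "{11111111-2222-3333-4444-555555555555}", "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"
P2, V2 = "{66666666-7777-8888-9999-000000000000}", "{12345678-ABCD-EF01-2345-6789ABCDEF01}"
OK = ("BitLocker Drive Encryption recovery information was backed up successfully "
      "to Active Directory Domain Services.\nProtector GUID: %s\nVolume GUID: %s")
BAD = ("Failed to backup BitLocker Drive Encryption recovery information to Active "
       "Directory Domain Services.\nErrorcode: %s\nProtector GUID: %s\nVolume GUID: %s")
SAMPLE = [
    ("2008-12-16T09:10:00", BAD % ("0x8007054b", P2, V2)),
    ("2008-12-16T09:05:00", OK % (P1, V1)),
    ("2008-12-16T09:00:00", BAD % ("0x8007054b", P1, V1)),
    ("2008-12-16T09:11:00", "The service entered the running state."),
]

if __name__ == "__main__":
    for r in pending_backups(SAMPLE):
        print(r["time"], r["volume"], r["protector"], r["error"])
```

A volume that appears in the output has an unescrowed recovery password and cannot be recovered from AD DS until a later backup succeeds.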

Related Management Information

BitLocker API

Core Security
