BitLocker Active Directory Recovery Password Viewer Overview

Applies To: Windows Server 2008 R2

The BitLocker Active Directory Recovery Password Viewer tool is an optional feature included with the Remote Server Administration Toolkit (RSAT) that you can install by using the Add Feature wizard in the RSAT management console. This tool lets you locate and view BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). You can use this tool to help recover data that is stored on a volume that has been encrypted by using BitLocker.

The BitLocker Active Directory Recovery Password Viewer tool is an extension for the Active Directory Users and Computers Microsoft Management Console (MMC) snap-in. Using this tool, you can examine a computer object's Properties dialog box to view the corresponding BitLocker recovery passwords. Additionally, you can right-click a domain container and then search for a BitLocker recovery password across all the domains in the Active Directory forest.

Usage requirements

To view recovery passwords, you must be a domain administrator, or you must have been delegated permissions by a domain administrator. In addition, to use the BitLocker Active Directory Recovery Password Viewer, the following conditions must be true:

  • The domain must be configured to store BitLocker recovery information.

  • The computers protected by BitLocker must be joined to the domain.

  • BitLocker Drive Encryption must have been enabled on the computers.

Common tasks

The following procedures describe the most common tasks performed by using the Active Directory Recovery Password Viewer.

To view the recovery passwords for a computer

  1. In Active Directory Users and Computers, locate and then click the container in which the computer is located.

  2. Right-click the computer object, and then click Properties.

  3. In the Properties dialog box, click the BitLocker Recovery tab to view the BitLocker recovery passwords that are associated with the particular computer.

To copy the recovery passwords for a computer

  1. Follow the steps in the previous procedure to view the BitLocker recovery passwords.

  2. On the BitLocker Recovery tab of the Properties dialog box, right-click the BitLocker recovery password that you want to copy, and then click Copy Details.

  3. Press CTRL+V to paste the copied text to a destination location, such as a text file or spreadsheet.

To locate a recovery password

  1. In Active Directory Users and Computers, right-click the domain container, and then click Find BitLocker Recovery Password.

  2. In the Find BitLocker Recovery Password dialog box, type the first eight characters of the recovery password in the Password ID (first 8 characters) box, and then click Search.
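A scripted equivalent of the Password ID search above, as an added example that is not part of the original article or the tool itself. It assumes the ActiveDirectory PowerShell module is installed, searches only the current domain (or the one passed with -Server) rather than the whole forest, and relies on recovery information being stored as msFVE-RecoveryInformation child objects of the computer object, named with a timestamp followed by the password ID in braces. The function name and the sample prefix are hypothetical.

```powershell
# Added example (not from the original article). Requires the ActiveDirectory
# module and read access to msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory

function Find-BitLockerRecoveryByPasswordId {   # hypothetical name
    [CmdletBinding()]
    param(
        # First eight characters of the password ID, as typed into the
        # "Password ID (first 8 characters)" box in the viewer.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$PasswordIdPrefix,

        # Optional domain or domain controller; defaults to the current domain.
        [string]$Server
    )

    # Recovery objects are named "<timestamp>{<password ID GUID>}", so match
    # the prefix right after the opening brace. The pattern check above keeps
    # LDAP filter metacharacters out of the query.
    $query = @{
        LDAPFilter = '(&(objectClass=msFVE-RecoveryInformation)(name=*{{{0}-*))' -f $PasswordIdPrefix
        Properties = 'msFVE-RecoveryPassword', 'whenCreated'
    }
    if ($Server) { $query.Server = $Server }

    Get-ADObject @query | ForEach-Object {
        # The parent of the recovery object is the computer it belongs to.
        $computerDn = $_.DistinguishedName -replace '^.+?(?<!\\),', ''
        New-Object PSObject -Property @{
            Computer         = $computerDn
            PasswordId       = ($_.Name -replace '^.*\{|\}$', '')
            Created          = $_.whenCreated
            RecoveryPassword = $_.'msFVE-RecoveryPassword'
        }
    }
}

# Constructed sample prefix; replace with the ID shown on the locked computer.
Find-BitLockerRecoveryByPasswordId -PasswordIdPrefix '063EA4E1'
```

An account without domain administrator rights or delegated read permission on these objects gets an empty result rather than an error, because AD DS hides objects the caller cannot read.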