A recovery key is a 48-bit string that can be used to access the contents of a computer's encrypted hard disk if the user forgets the password. Likewise, if a hardware malfunction has severely damaged the hard disk, the contents of the drive can still possibly be accessed by inserting the drive in another computer and entering the recovery key.
After a BitLocker encryption policy is deployed, the BitLocker configuration process is initiated during PC boot. Once this process completes, the recovery key is generated automatically. The admin can create or modify BitLocker policies so that the recovery key information is also updated in the domain controller.
To retrieve the recovery key easily, it is recommended that it is backed up in the domain controller. Follow these steps to back up the recovery key data:
Note: When this option is enabled, every time a new key is generated it is automatically updated in Active Directory.
There are two ways the recovery key can be found:
To find the recovery key using this method, the recovery key identifier of the specific machine has to be obtained first. Follow these steps to find the recovery key identifier:
You have successfully obtained the recovery key using the Endpoint Central console.
The Active Directory Users and Computers (ADUC) console enables admins to manage their Active Directory objects. It can be used as a Remote Server Administration Tools (RSAT) component to find the recovery key directly from a Windows machine. Follow these steps to find the recovery key and password ID of a specific managed computer:
You have successfully found the recovery key of a Windows machine using ADUC.
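The two tasks described above, escrowing the recovery key to Active Directory and then looking it up by computer name and recovery key identifier, as an added PowerShell example that is not part of this documentation or of Endpoint Central. It assumes the RSAT ActiveDirectory module, the BitLocker module, and an account permitted to read msFVE-RecoveryInformation objects; the computer name and key ID in the usage line are hypothetical.

```powershell
# Added example, not Endpoint Central code. Assumes the ActiveDirectory (RSAT) and
# BitLocker PowerShell modules and read access to msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory
Import-Module BitLocker

# Step 1 (run on the managed computer): escrow every recovery-password protector to AD DS.
# This is the same backup the policy option performs automatically whenever a key is generated.
function Backup-AllRecoveryPasswordsToAD {
    foreach ($vol in Get-BitLockerVolume) {
        $recoveryProtectors = $vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        foreach ($kp in $recoveryProtectors) {
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId
            "Escrowed recovery password $($kp.KeyProtectorId) for volume $($vol.MountPoint)"
        }
    }
}

# Step 2 (run from an admin workstation): find the recovery password for a computer
# using the recovery key identifier shown on the BitLocker recovery screen
# (the first 8 characters of the protector GUID are enough to match it).
function Find-BitLockerRecoveryPassword {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [string] $KeyIdPrefix
    )
    $computer = Get-ADComputer -Identity $ComputerName
    # Recovery objects are child objects of the computer, named "<timestamp>{<protector GUID>}".
    Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation' -and Name -like '*{$KeyIdPrefix*'" `
        -Properties 'msFVE-RecoveryPassword', 'whenCreated' |
        Select-Object Name, whenCreated,
            @{ Name = 'RecoveryPassword'; Expression = { $_.'msFVE-RecoveryPassword' } }
}

# Usage (hypothetical computer name and key ID):
# Find-BitLockerRecoveryPassword -ComputerName 'WS-0042' -KeyIdPrefix '1A2B3C4D'
```

Reading msFVE-RecoveryInformation objects is audited like any other directory read, so restrict the right to the help-desk group that actually performs recoveries and review who holds it.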