Hello, we have Windows 8 Enterprise laptops and a resource domain running Windows Server 2012. Bitlocker is configured to be enabled as part of the SCCM 2012 task sequence.
The group policy settings have been turned on to store Bitlocker info in AD and if I run ADSIEDIT, underneath the object for the computer, I can see an object with a name of cn=<date-time>{lotsofcharacters}
So it looks like the information is in AD (or something is in there).
The problem is that when I want to do a recovery (say I put the drive into another laptop), I get to a screen saying:
Bitlocker Recovery
Enter the recovery key for this drive
It then gives me a recovery key ID.
What do I do now? It appears to be looking for a numeric key, but I can't see one in AD (so the characters I can see in ADSIedit don't work). If I run ADU&C, the "Bitlocker Recovery" tab in the properties of the computer tells me that "No items in this view." and if I right-click at on the domain and chose "Find Bitlocker recovery password" I am not sure what to enter. The first eight characters of the "Recovery key ID"? Can't be that because it doesn't find anything. Where is te password ID though if it is different from the recovery key ID? And where is the recovery key?
Thanks