If you query the computer’s distinguished name in (the low-level LDAP editor), you’ll see:
But you’re smart. You mandated BitLocker. And you told Group Policy to “Save BitLocker recovery information to Active Directory.” where is bitlocker key stored in active directory
You dig deeper. You open . You scroll past cn , objectClass , operatingSystem . Still nothing obvious. If you query the computer’s distinguished name in
Instead, Active Directory treats each BitLocker recovery key as a linked to the computer. The object class is called msFVE-RecoveryInformation (FVE = Full Volume Encryption, Microsoft’s internal code name for BitLocker). operatingSystem . Still nothing obvious. Instead
So you open . You right-click the computer object. You look at the tabs: General, Operating System, Member Of, Delegation . Nothing says “Keys.”