When Bitlocker is enabled on workstation/ laptop in your entreprise, you must have a solution to get the recovery key of the hard drive. In some cases, Bitlocker can prompt to the user the Recovery key if it detects a specific behavior like partition changes.
The easiest solution is to use Active Directory Users And Computers console. This can only be possible if you set in the GPO to store Recovery Key into Active Directory.
With Active Directory Users And Computers, we can:
- Display Bitlocker Recovery key for one computer.
- Search in all Active Directory for a Password ID.
- Delegate Rights to display confidential information.