Use this only to get the BitLocker key after disabling/re-enabling encryption and doing TPM
**You can run this on N-Central and start a CMD session**
Just make sure that the user is in a branch office or on VPN
Run CMD in N-Central
- Click on Device Name > Tools > Command Prompt > Start Session
Type in `manage-bde -protectors -get c:`
- This should return a long block of output
- You're looking for the Numerical Password ID
- Ex: {DAB438E6-8B5F-4BDA-9273-C1654B49C717E}
After you get that ID, input the next command below to sync the password to AD
- `Manage-bde -protectors c: -adbackup -id '{DAB438E6-8B5F-4BDA-9273-C1654B49C717E}'`
If that doesn't work then use:
- `Manage-bde -protectors -adbackup c: -id {DAB438E6-8B5F-4BDA-9273-C1654B49C717E}`
NOTE: IF USING POWERSHELL SEE BELOW
If using PowerShell, enclose the ID in single quotes, see example below
`'{DAB438E6-8B5F-4BDA-9273-C1654B49C717E}'`
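
The two steps above (find the Numerical Password ID, then back it up to AD) can be combined so the ID is never copied by hand and the 48-digit recovery password is never echoed into the remote session. This script is an added example, not part of the original note; it assumes an elevated PowerShell session, English-language `manage-bde` output, and `C:` as the protected volume.

```powershell
# Added example (not from the original note).
# Assumptions: elevated session, English manage-bde output, volume C:,
# and the machine can reach a domain controller (branch office or VPN).
$volume = 'C:'

# Capture the protector listing into a variable instead of printing it:
# the listing contains the 48-digit recovery password in clear text.
$listing = & manage-bde.exe -protectors -get $volume
if ($LASTEXITCODE -ne 0) {
    throw "manage-bde -protectors -get failed on $volume (exit code $LASTEXITCODE)"
}

# Walk the output line by line. Lines ending in ':' start a new section
# (for example 'TPM:' or 'Numerical Password:'); an 'ID: {...}' line belongs
# to the section most recently seen.
$ids = @()
$inNumericalPassword = $false
foreach ($line in $listing) {
    $text = "$line".Trim()
    if ($text -match ':$') {
        $inNumericalPassword = ($text -eq 'Numerical Password:')
    }
    elseif ($inNumericalPassword -and $text -match '^ID:\s*(\{[0-9A-Fa-f-]+\})$') {
        $ids += $Matches[1]
    }
}

if ($ids.Count -eq 0) {
    throw "No Numerical Password protector found on $volume"
}

# Disabling and re-enabling encryption can leave more than one Numerical
# Password protector, so back up every ID that was found.
foreach ($id in $ids) {
    # Passing the ID in a variable keeps PowerShell from parsing {...}
    # as a script block, which is why the typed command needs quotes.
    & manage-bde.exe -protectors -adbackup $volume -id $id
    if ($LASTEXITCODE -eq 0) {
        Write-Output "Backed up protector $id to AD"
    }
    else {
        Write-Warning "AD backup failed for protector $id (exit code $LASTEXITCODE)"
    }
}
```

Only the protector IDs are written to the console; confirm the result by checking the computer object's BitLocker recovery information in AD.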