Hi All,
We are having a problem with implementing BitLocker to store the recovery information in AD.
We are following this MS paper (http://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx)
We did the following steps:
- We extended our Schema for the support of BitLocker.
- We verified that the BitLocker objects exist in the schema after the update.
CN=ms-FVE-RecoveryGuid
CN=ms-FVE-RecoveryInformation
CN=ms-FVE-RecoveryPassword
CN=ms-FVE-VolumeGuid
CN=ms-TPM-OwnerInformation
- We ran the ACE script (Add-TPMSelfWriteACE.vbs) to give the computer object (Self) rights to write info to the ms-TPM-OwnerInformation object.
- We verified that the ACE was set correctly.
- Created a GPO to store the recovery information into AD.
- Verified if the GPO was pushed to the clients.
Still we are not able to get BitLocker to write the recovery info into AD.
One strange thing we see is that after the schema update all computers have the "ms-TPM-OwnerInformation" attribute. But we don't see the other attributes on a computer object like:
CN=ms-FVE-RecoveryGuid
CN=ms-FVE-RecoveryInformation
CN=ms-FVE-RecoveryPassword
CN=ms-FVE-VolumeGuid
But when we look into the schema itself we see the objects are there.
Does anyone have an idea?
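The following is an added verification script, not code from the original post or from the TechNet article, that walks the same chain the post describes (schema, the SELF ACE, the GPO registry values, and the client) from an admin workstation. It assumes the RSAT ActiveDirectory module is installed, that the account can read computer objects and their ACLs, and that the client is reachable for PowerShell remoting; the computer name WKS001 is a placeholder. Note that the ms-FVE-* attributes are never shown on the computer object itself: they are attributes of msFVE-RecoveryInformation child objects created beneath the computer, so the script searches under the computer's DN rather than reading the computer's own properties.

```powershell
# Added example (not from the original post): verify the BitLocker-to-AD backup chain.
# Assumptions: RSAT ActiveDirectory module present, rights to read computer ACLs,
# PowerShell remoting to the client. $ComputerName is a hypothetical client.
Import-Module ActiveDirectory

$ComputerName = 'WKS001'
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# 1. Resolve the schema objects by lDAPDisplayName and keep their schemaIDGUIDs,
#    so the ACL check below does not rely on hard-coded GUIDs.
$needed = 'msFVE-RecoveryInformation','msFVE-RecoveryPassword','msFVE-RecoveryGuid',
          'msFVE-VolumeGuid','msTPM-OwnerInformation'
$schemaGuid = @{}
foreach ($name in $needed) {
    $obj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$name)" -Properties schemaIDGUID
    if (-not $obj) { Write-Warning "Schema is missing $name"; continue }
    $schemaGuid[$name] = [guid]$obj.schemaIDGUID
}

# 2. Recovery data lives on msFVE-RecoveryInformation CHILD objects of the computer.
#    An empty result here means nothing has been backed up yet for this machine.
$computer = Get-ADComputer $ComputerName -Properties 'msTPM-OwnerInformation'
$recovery = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope Subtree `
    -LDAPFilter '(objectClass=msFVE-RecoveryInformation)' `
    -Properties 'msFVE-RecoveryPassword','msFVE-RecoveryGuid','msFVE-VolumeGuid','whenCreated'
"TPM owner info present on computer object: $([bool]$computer.'msTPM-OwnerInformation')"
"Recovery information child objects found: $(@($recovery).Count)"
$recovery | Select-Object Name, whenCreated, 'msFVE-RecoveryGuid', 'msFVE-VolumeGuid' | Format-Table -AutoSize

# 3. Check the effective ACEs for SELF on the computer object (inherited ones included):
#    WriteProperty on msTPM-OwnerInformation (what Add-TPMSelfWriteACE.vbs grants) and
#    CreateChild for msFVE-RecoveryInformation (or CreateChild for all object types).
$acl = Get-Acl -Path ("AD:\" + $computer.DistinguishedName)
$selfAces = $acl.Access | Where-Object { $_.IdentityReference.Value -eq 'NT AUTHORITY\SELF' }
$tpmWrite = $selfAces | Where-Object {
    $_.ActiveDirectoryRights -match 'WriteProperty' -and
    $_.ObjectType -eq $schemaGuid['msTPM-OwnerInformation'] }
$createRecovery = $selfAces | Where-Object {
    $_.ActiveDirectoryRights -match 'CreateChild' -and
    ($_.ObjectType -eq $schemaGuid['msFVE-RecoveryInformation'] -or $_.ObjectType -eq [guid]::Empty) }
"SELF may write msTPM-OwnerInformation:        $([bool]$tpmWrite)"
"SELF may create msFVE-RecoveryInformation:   $([bool]$createRecovery)"

# 4. On the client, confirm the GPO actually landed as registry policy. The OS-drive
#    values are OSActiveDirectoryBackup / OSRequireActiveDirectoryBackup; the older
#    Vista-era policy wrote ActiveDirectoryBackup / RequireActiveDirectoryBackup.
$policy = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
    Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
}
if (-not $policy) { Write-Warning "No FVE policy key on $ComputerName; the GPO has not applied." }
$policy | Select-Object OSActiveDirectoryBackup, OSRequireActiveDirectoryBackup,
                        ActiveDirectoryBackup, RequireActiveDirectoryBackup | Format-List

# 5. Backup to AD happens when a recovery password protector is created, or when it is
#    forced with manage-bde -adbackup. A policy applied after the drive was already
#    encrypted writes nothing on its own, so push the existing protectors explicitly.
Invoke-Command -ComputerName $ComputerName -ScriptBlock {
    $inNumericalBlock = $false
    foreach ($line in (manage-bde -protectors -get C:)) {
        if ($line -match 'Numerical Password') { $inNumericalBlock = $true; continue }
        if ($inNumericalBlock -and $line -match 'ID:\s*(\{[0-9A-Fa-f-]+\})') {
            $id = $matches[1]
            "Backing up recovery password protector $id to AD"
            manage-bde -protectors -adbackup C: -id $id
            $inNumericalBlock = $false
        }
    }
    # The result of the backup attempt is logged here on Windows 7 and later.
    Get-WinEvent -LogName 'Microsoft-Windows-BitLocker/BitLocker Management' -MaxEvents 20 |
        Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-Table -Wrap
}
```

Re-run step 2 after step 5: if a child object appears under the computer once the explicit backup has been run, the schema and permissions are fine and the only gap was that the volumes were encrypted before the policy was in place. If the adbackup call fails instead, the BitLocker Management log entry names the AD error, and the ACE output from step 3 shows which right SELF is missing.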