Hello.
I'm hoping someone can help me with my struggle in getting the TPM key to back up to AD DS.
I'm running Server 2008 R2.
I performed all steps outlined in these articles.
https://technet.microsoft.com/en-us/library/mt431876%28v=vs.85%29.aspx
https://technet.microsoft.com/en-us/library/mt431885%28v=vs.85%29.aspx
If I try to change the TPM owner password it results in an access denied.
If I try to prepare the TPM, it says the TPM was not turned on due to an Active Directory backup failure.
It works fine with Windows 7.
It does not work with Windows 8 or Windows 10 (I specifically need it for 10 though).
If I remove the TPM options from Group Policy, all works fine and BitLocker will back up its key to AD DS.
So it seems to be just a problem with the TPM key on Win 8 and 10.
Long story short, I've tried everything in every article about making sure the schema is updated, the ACEs are applied, the GPO is correct, etc.
But I feel that it is still an ACE issue with some object that isn't covered by any of the scripts provided.
I did, however, give 'self' full control over all objects in a test OU - still no help.
At this point, is it even worth backing up the TPM key?
I can still recover an encrypted drive if need be, so what's the benefit?