# On the BitLocker-protected machine, retrieve the recovery key protector's ID manage-bde -protectors -get c: manage-bde -protectors -adbackup c: -id GUID-from-protector-list
But the more direct AD query uses the ActiveDirectory module: get bitlocker recovery key from ad
Introduction When BitLocker Drive Encryption is deployed in a managed enterprise environment, Group Policy can be configured to automatically store the recovery password (and key package) in Active Directory. This is a critical disaster recovery measure: if a user forgets their PIN, loses their smart card, experiences a TPM malfunction, or moves a drive to another computer, the recovery key is required to unlock the encrypted volume. # On the BitLocker-protected machine, retrieve the recovery
# Import the required module Import-Module BitLocker Get-BitLockerRecoveryKey -MountPoint "C:" -ComputerName "PC-USER01" # On the BitLocker-protected machine