Would you like to learn how to delegate access to BitLocker recovery keys in Active Directory? In this tutorial, we are going to show you how to allow a group of users to read the BitLocker recovery keys stored in Active Directory.
• Windows 2012 R2
• Windows 2016
• Windows 2019
• Windows 10
• Windows 7
Tutorial Windows – Delegate access to BitLocker recovery keys
Open the application named: Active Directory Users and Computers.
Create a new group.
Right-click on the desired organizational unit.
Select the option to Delegate Control.
Select the desired group.
Select the option to create a custom task.
Select only the object named: msFVE-RecoveryInformation.
Select the full control permission.
Click on the Next button to finish the configuration.
In our example, members of the group named MY-ADMIN will be able to access the BitLocker recovery keys stored inside the organizational unit named TEST.
Members of this group will not be able to view the BitLocker recovery keys in other organizational units.
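The same delegation can be applied and then checked from PowerShell. This is an added example, not part of the original tutorial; it assumes the ActiveDirectory module (RSAT) is installed, the group MY-ADMIN already exists, and the domain contains exactly one organizational unit named TEST.

```powershell
# Added example: grants MY-ADMIN full control over msFVE-RecoveryInformation
# objects below the TEST OU, mirroring the Delegation of Control wizard steps.
Import-Module ActiveDirectory

$groupName = 'MY-ADMIN'   # group name from the tutorial, assumed to exist
$ou = Get-ADOrganizationalUnit -Filter "Name -eq 'TEST'"
if (@($ou).Count -ne 1) {
    throw "Expected exactly one OU named TEST, found $(@($ou).Count)."
}

# Look up the class GUID in this forest's schema instead of hard-coding it.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$class = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(lDAPDisplayName=msFVE-RecoveryInformation)' `
    -Properties schemaIDGUID
if (-not $class) { throw 'msFVE-RecoveryInformation is not in the schema.' }
$classGuid = [guid]$class.schemaIDGUID

$sid  = (Get-ADGroup -Identity $groupName).SID
$path = "AD:\$($ou.DistinguishedName)"
$acl  = Get-Acl -Path $path

# Full control is what the tutorial selects. It includes the control-access
# right AD requires to read the confidential msFVE-RecoveryPassword attribute.
# Descendents + class GUID limits the ACE to recovery objects under this OU.
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
    $classGuid)
$acl.AddAccessRule($rule)
Set-Acl -Path $path -AclObject $acl

# Verify: list every ACE held by the group on the OU and flag any that is
# not scoped to msFVE-RecoveryInformation (broader than intended).
$sidType = [System.Security.Principal.SecurityIdentifier]
(Get-Acl -Path $path).GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq $sid.Value } |
    Select-Object ActiveDirectoryRights, InheritanceType, IsInherited,
        @{ Name = 'ScopedToRecoveryInfo'
           Expression = { $_.InheritedObjectType -eq $classGuid } }
```

Any row with ScopedToRecoveryInfo set to False means the group holds a permission on the OU that reaches beyond the recovery key objects and should be reviewed.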
Congratulations! You are able to delegate permission to access the BitLocker recovery keys in Active Directory.