We had an issue where a bitlocker'd laptop died and the SSD was pulled. In order to read the SSD in another computer we need to supply the recovery key which is stored in AD. Except, it wasn't, for this laptop only. We are investigating why (suspect a mobo replacement a few months ago might have wiped it out somehow).
I know the bitlocker key WAS there before this mobo replacement (as I used it to unlock the SSD at the time) so thought I could restore the computer object from a backup of a domain controller. Having loaded and browsed the relevant restore point using Veeam Explorer for Active Directory, I can see all the AD objects properties, but couln't see the recovery key, or any bitlocker data. I cancelled out of that and managed to recovery the key another way, but I was curious to know if I had restored the object, would the recovery key be there?
In ADSIedit, Bitlocker data is stored in a sub-property of the computer object as shown below. Computers that don't have bitlocker enabled show nothing in this right-side pane.
