operations guide

This commit is contained in:
Paolo Matarazzo
2023-10-20 08:22:32 -04:00
parent e0964d488a
commit 35ee01a186
6 changed files with 62 additions and 71 deletions

@ -235,15 +235,13 @@ Device name: DESKTOP-53O32QI
BitLocker recovery key: 158422-038236-492536-574783-256300-205084-114356-069773
```
## BitLocker Recovery Password Viewer
BitLocker Recovery Password Viewer is an optional tool included with the *Remote Server Administration Tools (RSAT)*. With Recovery Password Viewer, you can view the BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). The tool is an extension for the *Active Directory Users and Computers Microsoft Management Console (MMC)* snap-in.
BitLocker Recovery Password Viewer is an optional tool included with the *Remote Server Administration Tools (RSAT)*, and it's an extension for the *Active Directory Users and Computers Microsoft Management Console (MMC)* snap-in.
With BitLocker Recovery Password Viewer you can:
- Check the Active Directory computer object's properties to find the associated BitLocker recovery passwords
- Check the Active Directory computer object's properties to retrieve the associated BitLocker recovery passwords
- Search Active Directory for BitLocker recovery password across all the domains in the Active Directory forest. Passwords can also be searched by password identifier (ID)
### Requirements
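Review bot: the rewritten intro sentence ("BitLocker Recovery Password Viewer is an optional tool included with the *Remote Server Administration Tools (RSAT)*, and it's an extension for...") drops the statement that the passwords it shows are the ones stored in Active Directory Domain Services (AD DS); that fact is now only implied by the first bullet, so consider keeping a short clause such as "lets you view the BitLocker recovery passwords stored in AD DS". In the unchanged bullet "Search Active Directory for BitLocker recovery password across all the domains", "password" should be plural, and searching across all domains in the forest and searching by password identifier (ID) read better as two separate bullets since they are two distinct capabilities.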
@ -293,29 +291,16 @@ Client-driven recovery password rotation to Enable rotation on Azure AD-joined d
Save BitLocker recovery information to Azure Active Directory to Enabled
Store recovery information in Azure Active Directory before enabling BitLocker to Required
## BitLocker Repair tool
If the recovery methods discussed earlier in this document don't unlock the volume, the *BitLocker Repair tool* (`repair-bde.exe`) can be used to decrypt the volume at the block level. The tool uses the *BitLocker key package* to help recover encrypted data from severely damaged drives.
> [!IMPORTANT]
> The *BitLocker key package* can be stored in Active Directory Domain Services (AD DS), not in Microsoft Entra ID.
The recovered data can then be used to salvage encrypted data, even if the correct recovery password fails to unlock the damaged volume. It's recommended to still save the recovery password, as a key package can't be used without the corresponding recovery password.
### Retrieve the BitLocker key package
To export a previously saved key package from AD DS, it's required to have read access to the BitLocker recovery passwords and key packages that are stored in AD DS. By default, only Domain Admins have access to BitLocker recovery information, but [access can be delegated to others](/archive/blogs/craigf/delegating-access-in-ad-to-bitlocker-recovery-information).
To learn more about the BitLocker attributes stored in AD DS, review the following articles:
- [ms-FVE-KeyPackage attribute](/windows/win32/adschema/a-msfve-keypackage)
- [ms-FVE-RecoveryPassword attribute](/windows/win32/adschema/a-msfve-recoverypassword)
## BitLocker Repair tool
The Repair Tool can reconstruct critical parts of a drive and salvage recoverable data, as long as a valid recovery password or recovery key is used to decrypt the data. If the BitLocker metadata data on the drive is corrupt, the backup key package in addition to the recovery password or recovery key must be supplied. With the key package and either the recovery password or recovery key, portions of a corrupted BitLocker-protected drive can be decrypted. Each key package works only for a drive that has the corresponding drive identifier.
Use the Repair tool in the following conditions:
- The drive is encrypted using BitLocker
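Review bot: this hunk carries two `## BitLocker Repair tool` headings, so the result should keep exactly one; if the block with the `> [!IMPORTANT]` note and the `### Retrieve the BitLocker key package` subsection is the side being removed, the guidance on who can read key packages in AD DS (Domain Admins by default, delegable to others) and the links to the `ms-FVE-KeyPackage` and `ms-FVE-RecoveryPassword` attributes should survive somewhere, because the remaining paragraph says the backup key package "must be supplied" when the BitLocker metadata is corrupt but no longer says how an administrator obtains it. The IMPORTANT note that the key package is stored in AD DS and not in Microsoft Entra ID is also worth keeping next to the repair guidance, since readers whose recovery information goes only to Entra ID need to know the repair path is limited for them. Minor: "If the BitLocker metadata data on the drive is corrupt" doubles a word, and "Repair Tool" / "Repair tool" capitalization should be unified.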
@ -332,3 +317,5 @@ The following limitations exist for Repair-bde:
For a complete list of the `repair-bde.exe` options, see the [Repair-bde reference](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ff829851(v=ws.11)).
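Review bot: the `Repair-bde reference` link points at the previous-versions Windows Server 2012 R2 documentation; if a current command reference for `repair-bde.exe` exists it should be linked instead, since readers following an operations guide will otherwise land on archived content. Only the trailing context line of this hunk renders here, so the two added lines could not be reviewed.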