diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index f51079ffd1..8bbffe6363 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -617,7 +617,7 @@ }, { "source_path": "windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords#bitlocker-recovery-password-viewer", "redirect_document_id": false }, { @@ -7437,7 +7437,7 @@ }, { "source_path": "windows/security/operating-system-security/data-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md", - "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/recovery-password-viewer", + "redirect_url": "/windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords#bitlocker-recovery-password-viewer", "redirect_document_id": false }, { diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-guide-password-reset.md b/windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords.md similarity index 62% rename from windows/security/operating-system-security/data-protection/bitlocker/recovery-guide-password-reset.md rename to windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords.md index 6c52bc73da..5cd9c0bace 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-guide-password-reset.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/manage-recovery-passwords.md @@ -1,5 +1,5 @@ --- -title: Manage BitLocker recovery password +title: Manage BitLocker recovery passwords description: Learn how to recover BitLocker keys from Microsoft Entra ID and Active Directory Domain Services (AD DS). ms.collection: - highpri @@ -8,7 +8,7 @@ ms.topic: how-to ms.date: 09/29/2023 --- -# Recovery password +# Manage BitLocker recovery passwords ## Reset recovery password @@ -118,3 +118,40 @@ Device name: DESKTOP-53O32QI Key id: 045219ec-a53b-41ae-b310-08ec883aaedd BitLocker recovery key: 158422-038236-492536-574783-256300-205084-114356-069773 ``` + +## BitLocker Recovery Password Viewer + +BitLocker Recovery Password Viewer is an optional tool included with the *Remote Server Administration Tools (RSAT)*. With Recovery Password Viewer you can view the BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). The tool is an extension for the *Active Directory Users and Computers Microsoft Management Console (MMC)* snap-in. + +With BitLocker Recovery Password Viewer you can: + +- Check the Active Directory computer object's properties to find the associated BitLocker recovery passwords +- Search Active Directory for BitLocker recovery password across all the domains in the Active Directory forest. Passwords can also be searched by password identifier (ID) + +## Requirements + +To complete the procedures in this scenario, the following requirements must be met: + +- Domain administrator credentials +- Devices must be joined to the domain +- On the domain-joined devices, BitLocker must be enabled + +The following procedures describe the most common tasks performed by using the BitLocker Recovery Password Viewer. + +## View the recovery passwords for a computer object + +1. In **Active Directory Users and Computers**, locate and then select the container in which the computer is located +1. Right-click the computer object and select **Properties** +1. In the **Properties** dialog box, select the **BitLocker Recovery** tab to view the BitLocker recovery passwords that are associated with the computer + +## Copy the recovery passwords for a computer object + +1. Follow the steps in the previous procedure to view the BitLocker recovery passwords +1. On the **BitLocker Recovery** tab of the **Properties** dialog box, right-click the BitLocker recovery password that needs to be copied, and then select **Copy Details** +1. Press CTRL+V to paste the copied text to a destination location, such as a text file or spreadsheet + +## Locate a recovery password by using a password ID + +1. In Active Directory Users and Computers, right-click the domain container and select **Find BitLocker Recovery Password** +1. In the **Find BitLocker Recovery Password** dialog box, type the first eight characters of the recovery password in the **Password ID (first 8 characters)** box, and select **Search** +1. Once the recovery password is located, you can use the previous procedure to copy it diff --git a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md index f56eb8192e..8ecd4643e6 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md +++ b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md @@ -431,7 +431,6 @@ BackupToAAD-BitLockerKeyProtector -MountPoint "C:" -KeyProtectorId $BLV.KeyProte --- - ### Backup a recovery password to Active Directory #### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell) diff --git a/windows/security/operating-system-security/data-protection/bitlocker/recovery-password-viewer.md b/windows/security/operating-system-security/data-protection/bitlocker/recovery-password-viewer.md deleted file mode 100644 index d7a8008b7c..0000000000 --- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-password-viewer.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: How to use BitLocker Recovery Password Viewer -description: Learn how to use the BitLocker Recovery Password Viewer tool. -ms.collection: - - tier1 -ms.topic: how-to -ms.date: 07/25/2023 ---- - -# How to use BitLocker Recovery Password Viewer - -BitLocker Recovery Password Viewer is an optional tool included with the *Remote Server Administration Tools (RSAT)*. With Recovery Password Viewer you can view the BitLocker recovery passwords that are stored in Active Directory Domain Services (AD DS). The tool is an extension for the *Active Directory Users and Computers Microsoft Management Console (MMC)* snap-in. - -With BitLocker Recovery Password Viewer you can: - -- Check the Active Directory computer object's properties to find the associated BitLocker recovery passwords -- Search Active Directory for BitLocker recovery password across all the domains in the Active Directory forest. Passwords can also be searched by password identifier (ID) - -## Requirements - -To complete the procedures in this scenario, the following requirements must be met: - -- Domain administrator credentials -- Devices must be joined to the domain -- On the domain-joined devices, BitLocker must be enabled - -The following procedures describe the most common tasks performed by using the BitLocker Recovery Password Viewer. - -## View the recovery passwords for a computer object - -1. In **Active Directory Users and Computers**, locate and then select the container in which the computer is located -1. Right-click the computer object and select **Properties** -1. In the **Properties** dialog box, select the **BitLocker Recovery** tab to view the BitLocker recovery passwords that are associated with the computer - -## Copy the recovery passwords for a computer object - -1. Follow the steps in the previous procedure to view the BitLocker recovery passwords -1. On the **BitLocker Recovery** tab of the **Properties** dialog box, right-click the BitLocker recovery password that needs to be copied, and then select **Copy Details** -1. Press CTRL+V to paste the copied text to a destination location, such as a text file or spreadsheet - -## Locate a recovery password by using a password ID - -1. In Active Directory Users and Computers, right-click the domain container and select **Find BitLocker Recovery Password** -1. In the **Find BitLocker Recovery Password** dialog box, type the first eight characters of the recovery password in the **Password ID (first 8 characters)** box, and select **Search** -1. Once the recovery password is located, you can use the previous procedure to copy it - diff --git a/windows/security/operating-system-security/data-protection/bitlocker/toc.yml b/windows/security/operating-system-security/data-protection/bitlocker/toc.yml index 587db1e04f..fd7e630d79 100644 --- a/windows/security/operating-system-security/data-protection/bitlocker/toc.yml +++ b/windows/security/operating-system-security/data-protection/bitlocker/toc.yml @@ -27,10 +27,8 @@ items: href: preboot-recovery-screen.md - name: BitLocker repair tool href: recovery-guide-repair-tool.md - - name: BitLocker password reset + - name: Manage BitLocker recovery passwords href: recovery-guide-password-reset.md - - name: BitLocker Recovery Password Viewer - href: recovery-password-viewer.md - name: Reference items: - name: BitLocker policy settings