Enable BitLocker Recovery Password Viewer in Active Directory

The procedure described in this section is required only if you are using computer-specific (“personal”) keys. If you are using one institutional key for multiple Mac computers, go to Assign an Active Directory user who is authorized to manage an encrypted disk.

To enable the BitLocker Recovery Password Viewer feature in Active Directory

  1. On the domain controller, open Administrative Tools > Server Manager.
  2. In the navigation pane, right-click Features and select Add Features.
  3. In the Add Features wizard, expand Remote Server Administration Tools > Feature Administration Tools, select BitLocker Drive Encryption Administration Utilities, click Next, and click Install.
  4. After the BitLocker Drive Encryption Administration Utilities are installed, click Close.
  5. To verify that the BitLocker Drive Encryption Administration Utilities are installed:
    1. Open Active Directory Users and Computers.
    2. Navigate to domaincontroller > Domain Controllers.
    3. In the right-hand ADUC pane, right-click the domain controller and select Properties.
    4. If the BitLocker Drive Encryption Administration Utilities installed correctly, the Properties dialog contains a BitLocker Recovery tab. On that tab, a “No items in this view” message is displayed. That message is normal and does not indicate a problem with the BitLocker Drive Encryption Administration Utilities installation.
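
The verification in step 5 can also be scripted. The following PowerShell is an added example, not part of the original procedure. It assumes the ServerManager and ActiveDirectory modules are available on the domain controller and that the session is elevated. It counts stored recovery objects without reading any recovery password.

```powershell
# Added example: scripted version of the step 5 verification.
# Run in an elevated PowerShell session on the domain controller.
Import-Module ServerManager
Import-Module ActiveDirectory

# 1. List the BitLocker administration features and whether they are installed.
#    Matching on the display name avoids hard-coding feature names, which
#    differ between Windows Server releases.
$features = @(Get-WindowsFeature |
    Where-Object { $_.Name -like 'RSAT*' -and $_.DisplayName -like '*BitLocker*' })
$features | Format-Table Name, DisplayName, Installed -AutoSize

if ($features.Count -eq 0) {
    Write-Warning 'No BitLocker administration features were found on this server.'
}
elseif ($features | Where-Object { -not $_.Installed }) {
    Write-Warning 'Not all BitLocker administration features are installed; repeat steps 1-4.'
}

# 2. Confirm that the schema contains the class used to store recovery passwords.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$class = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(lDAPDisplayName=msFVE-RecoveryInformation)'
if (-not $class) {
    Write-Warning 'The msFVE-RecoveryInformation class is missing from the schema.'
}

# 3. Count recovery objects stored directly beneath this domain controller's
#    computer object. These are what the BitLocker Recovery tab lists, so a
#    count of 0 matches the "No items in this view" message.
#    Only the objects are counted; the msFVE-RecoveryPassword attribute is not requested.
$dc = Get-ADComputer -Identity $env:COMPUTERNAME
$recovery = @(Get-ADObject -SearchBase $dc.DistinguishedName -SearchScope OneLevel `
    -LDAPFilter '(objectClass=msFVE-RecoveryInformation)')
'{0}: {1} recovery object(s) stored' -f $dc.Name, $recovery.Count
```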