Get Bitlocker Recovery Key From Active Directory Jun 2026

dsquery * "CN=GUID,CN=ComputerName,OU=Workstations,DC=domain,DC=com" -attr msFVE-RecoveryPassword

If the computer name is unknown, administrators can search the entire forest using only the Recovery ID: Right-click the in ADUC and select Find BitLocker Recovery Password get bitlocker recovery key from active directory

This is the most common method for IT administrators. To use this, you need the feature installed (part of RSAT). Open ADUC : Press Win + R , type dsa.msc , and hit Enter. dsquery * "CN=GUID

If your environment has properly configured Group Policies to back up BitLocker keys to AD (and that’s a big “if” for some shops), this method turns a potential data-loss disaster into a 90-second fix. No bootable USBs, no third-party tools, no praying the user saved the key in their OneDrive. no third-party tools