Task:
How to enable BitLocker and store the recovery key in AD? Using a Windows 2008 MDT server, Windows 7 clients, and a Windows 2003 domain.
Problem:
There seems to be something I am missing from all the available information on enabling BitLocker and storing the recovery key in AD.
Steps Taken:
1) Followed the BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active Directory
2) Verified that the BitLocker key is stored in AD by logging on as a Domain Admin on a Win 7 box, initializing TPM and BitLocker, and running the scripts successfully:
- Get-TPMOwnerInfo.vbs
- Get-BitLockerRecoveryInfo.vbs
3) Enabled the BitLocker task in MDT 2010, as shown here: http://blogs.technet.com/blogfiles/deploymentguys/WindowsLiveWriter/HowtoconfigureBitLockeronadditionaldriv_D4F8/image_2.png
- Selected Drive to Encrypt = TPM Only
- Choose where to create the recovery key = AD
4) Using PXE boot, started the Lite Touch sequence, selected the BitLocker options, and started the Win 7 install.
5) BitLocker starts and finishes encrypting the drive, but no recovery key is stored in AD.
What am I missing?
Thanks
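The following is an added example, not part of the question above: a PowerShell script to run in an elevated prompt on the freshly deployed, domain-joined Windows 7 client after the MDT task sequence completes. It lists which key protectors exist on the system drive (a TPM protector alone gives AD nothing to store; the recovery *password* is what ends up on the computer object) and re-sends every recovery-password protector to AD DS through the Win32_EncryptableVolume WMI class, the same interface the Get-BitLockerRecoveryInfo.vbs script uses. Assumptions: the drive is C:, and the "Store BitLocker recovery information in Active Directory Domain Services" policy is applied to the machine; without that policy the backup call is refused, which is a common reason the key never appears in AD.

```powershell
# Added example, not code from the original post.
# Run in an elevated PowerShell prompt on the domain-joined Windows 7 client.
# Assumptions: system drive is C:, and the policy "Store BitLocker recovery
# information in Active Directory Domain Services" is applied to the machine.

$DriveLetter = 'C:'
$ns = 'root\cimv2\Security\MicrosoftVolumeEncryption'

$vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume |
       Where-Object { $_.DriveLetter -eq $DriveLetter }
if (-not $vol) { throw "No BitLocker-capable volume found for $DriveLetter" }

# ProtectionStatus: 0 = unprotected, 1 = protected, 2 = unknown
"Volume {0}: ProtectionStatus={1}" -f $vol.DriveLetter, $vol.ProtectionStatus

# Key protector types used here: 1 = TPM, 2 = external key (USB), 3 = numerical password
$types = @{ 1 = 'TPM'; 2 = 'ExternalKey'; 3 = 'NumericalPassword' }
foreach ($t in 1, 2, 3) {
    $ids = $vol.GetKeyProtectors($t).VolumeKeyProtectorID
    if ($ids) {
        foreach ($id in $ids) { "  protector {0} : {1}" -f $id, $types[$t] }
    } else {
        "  no {0} protector" -f $types[$t]
    }
}

# Only a numerical-password (recovery password) protector can be backed up to AD.
$recovery = $vol.GetKeyProtectors(3).VolumeKeyProtectorID
if (-not $recovery) {
    Write-Warning "No recovery password on $DriveLetter; add one first: manage-bde -protectors -add $DriveLetter -RecoveryPassword"
    return
}

foreach ($id in $recovery) {
    # Returns 0 on success; any other value is an HRESULT describing the failure
    $r = $vol.BackupRecoveryInformationToActiveDirectory($id)
    if ($r.ReturnValue -eq 0) {
        "  backed up $id to AD DS"
    } else {
        Write-Warning ("  backup of $id failed: 0x{0:X8}" -f [uint32]$r.ReturnValue)
    }
}
```

The same two steps are available from the command line on Windows 7 as `manage-bde -protectors -get C:` (list protectors and their IDs) and `manage-bde -protectors -adbackup C: -id {protector GUID}` (push one recovery password to AD). Checking the protector list first matters for the scenario in the question: if the task sequence left the drive with a TPM protector only, there is no recovery password for either tool to store, and the fix is on the MDT side rather than in AD.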