I have enabled BitLocker, and the BitLocker recovery keys are backed up in AD.
I deleted one of the recovery keys on the local machine using the following command:
manage-bde -protectors -delete <Drive> -id <Recovery Key ID>
But when I search in AD, the deleted key still persists under the computer object. Is this the expected behaviour?
AFAIK they never get removed from AD. – Zoredache – 2018-07-09T07:10:14.950
Yes, it is expected. A computer object can have multiple recovery IDs associated with it, and this causes you no problem because you should be identifying the recovery key primarily by the ID the computer gives you when it needs the recovery key. – music2myear – 2018-07-11T18:11:58.277
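The comment above describes the lookup a practitioner actually performs: each backed-up protector is its own msFVE-RecoveryInformation object beneath the computer object, and you match it against the Recovery Key ID that the BitLocker recovery screen shows. The following PowerShell is an added example and is not code from the thread or from Microsoft. It assumes the ActiveDirectory RSAT module is installed, that the caller has been delegated read access to msFVE-RecoveryPassword, and that it runs elevated where it calls manage-bde; the function names, the $ComputerName, $RecoveryKeyIdPrefix and $Drive parameters are illustrative.

```powershell
# Added example, not from the original thread. Assumes the ActiveDirectory
# module (RSAT) and read rights on the msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory

function Get-AdBitLockerRecoveryInfo {
    param([Parameter(Mandatory)][string]$ComputerName)

    $computer = Get-ADComputer -Identity $ComputerName

    # Every backed-up protector is a separate msFVE-RecoveryInformation object
    # directly beneath the computer object. Its CN has the form
    # "<backup timestamp>{<Recovery Key ID GUID>}", so the ID is parsed from the name.
    Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
        -Properties msFVE-RecoveryPassword, whenCreated |
    ForEach-Object {
        $id = if ($_.Name -match '\{([0-9A-Fa-f-]+)\}') { $Matches[1].ToUpper() } else { $null }
        [pscustomobject]@{
            Computer          = $ComputerName
            RecoveryKeyId     = $id
            BackedUp          = $_.whenCreated
            # The 48-digit password unlocks the volume: treat this output as a secret.
            RecoveryPassword  = $_.'msFVE-RecoveryPassword'
            DistinguishedName = $_.DistinguishedName
        }
    }
}

function Find-AdBitLockerRecoveryPassword {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        # The first 8 hex characters of the Recovery Key ID shown on the
        # BitLocker recovery screen, e.g. '3A1F9C2B' (illustrative value).
        [Parameter(Mandatory)][ValidatePattern('^[0-9A-Fa-f]{8}$')][string]$RecoveryKeyIdPrefix
    )
    Get-AdBitLockerRecoveryInfo -ComputerName $ComputerName |
        Where-Object { $_.RecoveryKeyId -like "$($RecoveryKeyIdPrefix.ToUpper())*" }
}

function Get-StaleAdBitLockerRecoveryInfo {
    # Lists AD recovery entries for this machine whose protector no longer exists
    # locally, i.e. the leftovers the question is about. Must run elevated because
    # manage-bde -protectors -get needs administrative rights.
    param([string]$Drive = 'C:')

    $localIds = manage-bde -protectors -get $Drive |
        Select-String -Pattern 'ID: \{([0-9A-Fa-f-]+)\}' |
        ForEach-Object { $_.Matches[0].Groups[1].Value.ToUpper() }

    Get-AdBitLockerRecoveryInfo -ComputerName $env:COMPUTERNAME |
        Where-Object { $localIds -notcontains $_.RecoveryKeyId }
}

# Usage (illustrative):
#   Find-AdBitLockerRecoveryPassword -ComputerName 'WS-0421' -RecoveryKeyIdPrefix '3A1F9C2B'
#   Get-StaleAdBitLockerRecoveryInfo -Drive 'C:' |
#       ForEach-Object { Remove-ADObject -Identity $_.DistinguishedName -Confirm }
```

Deleting a protector with manage-bde changes only the volume's own metadata; it never writes to AD, so the msFVE-RecoveryInformation object stays until someone removes it. Keeping the old objects is harmless for recovery (the recovery screen's ID tells you which one to use), but an old recovery password stored in AD is still a valid secret for any volume that was once protected by it, so if you do prune them, do it deliberately with Remove-ADObject as in the usage note rather than expecting the client to clean up.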