Bitlocker Attribute Active | Directory Portable

Do not give Helpdesk staff Domain Admin rights just to retrieve keys. Delegate specific permissions on the msFVE-RecoveryInformation attribute or use the "BitLocker Drive Encryption Recovery" built-in delegation wizard to allow specific security groups to read recovery passwords.

Windows Server 2012 or later is generally required for native support.

This is the easiest method. It is a Windows Feature that adds a tab directly to the ADUC console.

Additional related attributes include: