BitLocker Recovery Password Viewer tool is an optional feature included with Windows Server 2008 – 2019, which lets you store and view BitLocker recovery keys in AD for all client computers. By default, this feature is not installed and BitLocker Recovery tab in ADUC is missing. In this tutorial we’ll show you 2 methods to install BitLocker Recovery Password Viewer for Active Directory in Windows Server 2008/2012/2016/2019.
Method 1: Install BitLocker Recovery Password Viewer Using PowerShell
If you need to install BitLocker Recovery Password Viewer on a server running Windows Server Core, try this method:
- Press the Windows key + X or right-click on the Start button to open the context menu, then select Windows PowerShell (Admin).
- Run the following command to add the optional “BitLocker Drive Encryption” feature:
Install-WindowsFeature BitLocker -IncludeAllSubFeature -IncludeManagementTools
- When it’s done, you’ll be prompted to restart your server to finish the installation process.
Method 2: Install BitLocker Recovery Password Viewer Using Server Manager
- Open Server Manager and click on “Add roles and features“.
- Click Next through the wizard until you get to the Server Roles page. Make sure “Active Directory Domain Services” is checked.
- In the Features page, check the “BitLocker Drive Encryption” feature.
For Windows Server 2008, you need to expand Remote Server Administration Tools –> Feature Administration Tools and check the option for “BitLocker Drive Encryption Administration Utilities“
- If you’re prompted to confirm adding features that are required for BitLocker Drive Encryption, click on Add Feature button.
- Once completing the wizard, take a look at the Computer Properties dialogue box in Active Directory Users And Computers, you’ll see the BitLocker Recovery tab.