Skip to content

Posts from the ‘Active Directory’ Category

15
Feb

Windows Sysprepped Machine Fails to Automatically Register with Azure

Beginning with Windows 10 1511, Windows based¬†computers will attempt to automatically register with Azure Active Directory.¬†For this to succeed some configuration is required (I won’t go into this detail, but you can find official steps here: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup). Read moreRead more

18
Oct

ADFS: Raise Farm Behavior Level Issue

After upgrading our ADFS servers to Windows Server 2016, the last step was to raise the Farm Behavior Level using the Invoke-AdfsFarmBehaviorLevelRaise PowerShell cmdlet. In my case, when I ran this command, I received the following error:

Read moreRead more

8
Jan

How to Retrieve BitLocker Recovery Password

To locate and retrieve the BitLocker Recovery Password for a computer in Active Directory, follow these steps:

  1. Start > Run > adsiedit.msc
  2. Expand the tree and select the computer name:
    • DC=<domain>,DC=<root>
      • OU=<location_of_computer_acct>
        • CN=<computer_name>
  3. Double-click (or right-click > Properties) the entry in the right pane (i.e. CN=<date>T<time>-<timezone><GUID>)
  4. Scroll down and locate “msFVE-RecoveryPassword”
  5. Double-click (or left-click > Edit) the attribute to see the Recovery Password
  6. Use the Recovery Password to unlock the computer

If the Recovery Password is required due to the replacement of the motherboard or other core hardware, you will need to decrypt and re-encrypt the hard drive in order to avoid needing the Recovery Password at every boot.