Double Bitlocker Recovery Tab in Active Directory

bitlocker windows-server-2012-r2

I have a strange issue with a double BitLocker tab, both having exactly the same look. Any idea how I can remove one?


Best Answer

Witnessed on several domains that have gone through upgrades from 2008 to 2012.

The fix outlined below will remove the duplicate BitLocker Recovery tab in ADUC and the duplicate Action > Find BitLocker recovery password Action menu option when running ADUC in an English locale only. For other language locales, the process is the same but a different path is used.

Remove Duplicate BitLocker Recovery Tab

  1. Open ADSI Edit, right-click on the ADSI Edit top-level node, and click Connect to...
  2. Select a well-known Naming Context: Configuration, and click OK. Do not select the Default Naming Context (which is Domain); we want Configuration.
  3. Drill down to Configuration > DisplaySpecifiers > 409 and open up the computer-Display container.
    • Substitute the corresponding hex code for 409 for other (non-English) locales.
  4. In the Attribute Editor tab, open adminPropertyPages, select 14,{2FB1B669-59EA-4F64-B728-05309F2C11C8}, and click Remove.
    • Note that two {2FB1B669-59EA-4F64-B728-05309F2C11C8} entries exist in this attribute. We are removing one of them. In cases where the integer prefixes are not 13,{GUID} and 14,{GUID}, find yours and remove the entry with the greater integer.

BitLocker Recovery Tab Removal Process

Remove Duplicate Action > Find BitLocker recovery password Menu Option

  1. Keep ADSI Edit open.
  2. Drill down to Configuration > DisplaySpecifiers > 409 and open up the domainDNS-Display container.
    • Substitute the corresponding hex code for 409 for other (non-English) locales.
  3. In the Attribute Editor tab, open adminContextMenu, select 4,{2FB1B669-59EA-4F64-B728-05309F2C11C8}, and click Remove.
    • Note that two {2FB1B669-59EA-4F64-B728-05309F2C11C8} entries exist in this attribute. We are removing one of them. In cases where the integer prefixes are not 3,{GUID} and 4,{GUID}, find yours and remove the entry with the greater integer.

Find BitLocker recovery password Removal Process

After completing the removals, wait for Active Directory replication to complete and open/re-open ADUC on a replicated domain controller. The changes only need to be made once per forest since the changes are in the Configuration NC.

Additional Reference

https://support.microsoft.com/en-us/help/928202/how-to-use-the-bitlocker-recovery-password-viewer-for-active-directory
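
The same check and removal as the ADSI Edit steps in the answer above, scripted with the ActiveDirectory PowerShell module. This is an added example, not part of the original answer; the `-Locale` and `-Remove` parameter names are this example's own, and it assumes the RSAT ActiveDirectory module and an account with write access to the Configuration partition. It generalizes the answer slightly by keeping the lowest-numbered entry for the GUID and removing every higher-numbered one.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report (and with -Remove, delete) duplicate BitLocker
# display-specifier entries under CN=<locale>,CN=DisplaySpecifiers.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Locale = '409',   # hex locale container; 409 = English (from the answer)
    [switch]$Remove            # hypothetical switch: without it the script only reports
)

$guid     = '{2FB1B669-59EA-4F64-B728-05309F2C11C8}'   # GUID quoted in the answer
$configNC = (Get-ADRootDSE).configurationNamingContext
$targets  = @(
    @{ Container = 'computer-Display';  Attribute = 'adminPropertyPages' },  # duplicate tab
    @{ Container = 'domainDNS-Display'; Attribute = 'adminContextMenu'  }    # duplicate menu item
)

foreach ($t in $targets) {
    $attr = $t.Attribute
    $dn   = "CN=$($t.Container),CN=$Locale,CN=DisplaySpecifiers,$configNC"
    $obj  = Get-ADObject -Identity $dn -Properties $attr

    # Values look like "14,{GUID}". Keep those ending in the BitLocker GUID,
    # ordered by their integer prefix so the lowest-numbered entry comes first.
    $hits = @($obj.$attr |
        Where-Object { "$_".EndsWith(",$guid", [StringComparison]::OrdinalIgnoreCase) } |
        Sort-Object { [int](("$_" -split ',', 2)[0]) })

    if ($hits.Count -lt 2) {
        Write-Output "$dn : $($hits.Count) entry for $guid in $attr, nothing to do"
        continue
    }
    Write-Output "$dn : duplicate entries in $attr : $($hits -join ' ; ')"

    if ($Remove) {
        # Keep the first (lowest) entry, remove the greater-numbered one(s).
        foreach ($entry in ($hits | Select-Object -Skip 1)) {
            if ($PSCmdlet.ShouldProcess($dn, "Remove '$entry' from $attr")) {
                Set-ADObject -Identity $dn -Remove @{ $attr = $entry }
            }
        }
    }
}
```

Run it without switches first to see which entries exist, then with `-Remove -WhatIf` to preview the change before applying it.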
