Windows Vista Bitlocker Active Directory Schema

Ragnar · Dec 9, 2006

Hi

Where can I find the Active Directory Schema script/procedure required to
enable Bitlocker recovery to Active Directory? Isn't it available for
download yet?

Thanks.

Regards,
Ragnar

Jorge de Almeida Pinto [MVP - DS] · Dec 10, 2006

Tomek provides information about this:
http://blogs.dirteam.com/blogs/tome...Schema-extensions-for-Vista-new-features.aspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

Ragnar · Dec 11, 2006

Thanks for your reply.

However I have already tried these schema extensions in a test environment -
they did not help me enable Bitlocker recovery to AD. The
"VistaSecurity_TWP.doc" document refers to something called "BitLocker
Active Directory Deployment Pack". Do you (or anyone else) know where I may
get a hold of this, seems that this will contain additional details as well
as the "AddWriteACEs.vbs" script needed to configure some permissions.

Regards,
Ragnar

"Jorge de Almeida Pinto [MVP - DS]"

Mika Seitsonen · Dec 11, 2006

Hi Ragnar,

You should not use ADprep on Vista DVD as the results are not what you look
for. Microsoft will make information on storing Bitlocker Recovery keys in
AD available soon - I'd guess when its ready

ADprep command and accompanying
ldf files on Vista DVD are there for informational purpose only and as such
they should not be used in production AD (2000/2003/R2).

HTH
Mika

Ragnar · Dec 13, 2006

Hi

Yes I also found that it did not work with these schema extensions. So it is
as I feared - patience is required while we wait on Microsoft to provide the
necessary information and tools....Thanks.

/Ragnar

Mika Seitsonen · Jan 12, 2007

Hi again,

The guide and included LDIF file and scripts are finally available:
http://www.microsoft.com/downloads/...15-dfc3-4579-90cd-86ac666f61d4&displaylang=en

A bit more information on http://msmvps.com/blogs/mika/archiv...p-bitlocker-and-tpm-recovery-information.aspx.
I've tested all of the tools with Lenovo Thinkpad T60 and found them working

HTH
Mika

Hi

Yes I also found that it did not work with these schema extensions. So
it is as I feared - patience is required while we wait on Microsoft to
provide the necessary information and tools....Thanks.

/Ragnar

Hi Ragnar,

You should not use ADprep on Vista DVD as the results are not what
you look for. Microsoft will make information on storing Bitlocker
Recovery keys in AD available soon - I'd guess when its ready
ADprep command and accompanying ldf files on Vista DVD are there for
informational purpose only and as such they should not be used in
production AD (2000/2003/R2).

HTH
Mika

Thanks for your reply.

However I have already tried these schema extensions in a test
environment - they did not help me enable Bitlocker recovery to AD.
The "VistaSecurity_TWP.doc" document refers to something called
"BitLocker Active Directory Deployment Pack". Do you (or anyone
else) know where I may get a hold of this, seems that this will
contain additional details as well as the "AddWriteACEs.vbs" script
needed to configure some permissions.

Regards,
Ragnar
"Jorge de Almeida Pinto [MVP - DS]"
message Tomek provides information about this:
http://blogs.dirteam.com/blogs/tomek/archive/2006/12/04/Schema-exte
ns
ions-for-Vista-new-features.aspx
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
-------------------------------------------------------------------
--
---------------------
* This posting is provided "AS IS" with no warranties and confers
no
rights!
* Always test before implementing!
-------------------------------------------------------------------
--
---------------------
#################################################
#################################################
-------------------------------------------------------------------
--
---------------------
Hi

Where can I find the Active Directory Schema script/procedure
required to enable Bitlocker recovery to Active Directory? Isn't
it available for download yet?

Thanks.

Regards,
Ragna

Click to expand...

Click to expand...

Ragnar · Feb 1, 2007

Thank you for posting this!

I'll test it during the weekend....

/Ragnar

Mika Seitsonen said:
Hi again,

The guide and included LDIF file and scripts are finally available:
http://www.microsoft.com/downloads/...15-dfc3-4579-90cd-86ac666f61d4&displaylang=en

A bit more information on
http://msmvps.com/blogs/mika/archiv...p-bitlocker-and-tpm-recovery-information.aspx.
I've tested all of the tools with Lenovo Thinkpad T60 and found them
working

HTH
Mika

Hi

Yes I also found that it did not work with these schema extensions. So
it is as I feared - patience is required while we wait on Microsoft to
provide the necessary information and tools....Thanks.

/Ragnar

Hi Ragnar,

You should not use ADprep on Vista DVD as the results are not what
you look for. Microsoft will make information on storing Bitlocker
Recovery keys in AD available soon - I'd guess when its ready
ADprep command and accompanying ldf files on Vista DVD are there for
informational purpose only and as such they should not be used in
production AD (2000/2003/R2).

HTH
Mika
Thanks for your reply.

However I have already tried these schema extensions in a test
environment - they did not help me enable Bitlocker recovery to AD.
The "VistaSecurity_TWP.doc" document refers to something called
"BitLocker Active Directory Deployment Pack". Do you (or anyone
else) know where I may get a hold of this, seems that this will
contain additional details as well as the "AddWriteACEs.vbs" script
needed to configure some permissions.

Regards,
Ragnar
"Jorge de Almeida Pinto [MVP - DS]"
message Tomek provides information about this:
http://blogs.dirteam.com/blogs/tomek/archive/2006/12/04/Schema-exte
ns
ions-for-Vista-new-features.aspx
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
-------------------------------------------------------------------
--
---------------------
* This posting is provided "AS IS" with no warranties and confers
no
rights!
* Always test before implementing!
-------------------------------------------------------------------
--
---------------------
#################################################
#################################################
-------------------------------------------------------------------
--
---------------------
Hi

Where can I find the Active Directory Schema script/procedure
required to enable Bitlocker recovery to Active Directory? Isn't
it available for download yet?

Thanks.

Regards,
Ragnar

Click to expand...

Click to expand...