Bitlocker Recovery Key in AD - Purge old keys?
Is it possible to delete old recovery keys that are stored in the AD Computer objects? Is there a limit to the amount of keys that can be stored in such an object?
Answers (1)
Posted by:
jdornan
11 years ago
Storing the BitLocker key in AD changes the computer account from a leaf object to a container object. The BitLocker key is stored as a child object to the related computer parent.
I'm not aware of any limits. To delete, you would address it as a child of the parent object. By default, deleting computers with child objects is disabled and needs to be enabled, so I'm sure it is the same with the children.
Comments:
Computer objects are already container objects (by default) - muebel 11 years ago
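
Added example, not part of the original answer or comments: because the recovery keys are child objects of the computer account, the ActiveDirectory PowerShell module can list them and remove all but the newest one per volume. The computer name `PC-EXAMPLE01` and the function name are placeholders; `msFVE-RecoveryInformation` and `msFVE-VolumeGuid` are the schema class and attribute AD uses for these objects.

```powershell
# Added example: find older BitLocker recovery objects under one computer account.
# Requires the ActiveDirectory module (RSAT). 'PC-EXAMPLE01' is a placeholder.
Import-Module ActiveDirectory

function Get-StaleBitLockerRecovery {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $Keep = 1   # newest recovery objects to retain per volume
    )
    $computer = Get-ADComputer -Identity $ComputerName

    # Recovery passwords are direct children of the computer object.
    $query = @{
        SearchBase  = $computer.DistinguishedName
        SearchScope = 'OneLevel'
        Filter      = 'objectClass -eq "msFVE-RecoveryInformation"'
        Properties  = 'whenCreated', 'msFVE-VolumeGuid'
    }
    $keys = @(Get-ADObject @query)

    # A machine can escrow keys for several volumes (OS drive, data drives).
    # Group by volume so the newest key of every volume survives.
    $keys |
        Group-Object -Property { ([guid]::new([byte[]]$_.'msFVE-VolumeGuid')).ToString() } |
        ForEach-Object {
            $_.Group |
                Sort-Object whenCreated -Descending |
                Select-Object -Skip $Keep
        }
}

$stale = Get-StaleBitLockerRecovery -ComputerName 'PC-EXAMPLE01' -Keep 1

# The object name is "<timestamp>{<recovery password ID>}"; compare the IDs of
# the objects being kept with `manage-bde -protectors -get C:` on the client.
$stale | Select-Object Name, whenCreated | Format-Table -AutoSize

# Dry run: shows what would be deleted. Remove -WhatIf once the list is verified.
$stale | Remove-ADObject -WhatIf
```

The account running this needs delete rights on the child objects. Run it with `-WhatIf` in place until the retained key IDs match the protectors actually present on the machine.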