Is it possible to delete old recovery keys that are stored in the AD Computer objects? Is there a limit to the amount of keys that can be stored in such an object? 

Answer Summary:
0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity



Storing the bitlocker key in AD changes the computer account from a leaf object to a container object. The bitlocker key is stored as a child object to the related computer parent.

Im not aware of any limits To delete you would address as a child of the parent object. By default deleting computers with child objects is disabled and needs to be enabled so Im sure it is the saem with the children.

Answered 01/26/2013 by: jdornan
Red Belt

  • Computer objects are already container objects (by default)
Please log in to comment