Many system administrators use Active Directory to store and manage BitLocker recovery keys for domain-joined Windows devices. Normally, when BitLocker recovery information is properly backed up to Active Directory, administrators can view the recovery details from the computer object properties inside Active Directory Users and Computers (ADUC). However, some users notice that the BitLocker Recovery tab is missing entirely.
This issue usually occurs because the BitLocker Recovery Password Viewer feature is not installed, the required administrative tools are missing, Active Directory schema extensions are incomplete, or Group Policy settings are not configured correctly. In some cases, insufficient permissions or replication problems can also prevent the recovery tab from appearing.
Fortunately, there are several ways to fix the missing BitLocker recovery key tab issue in Active Directory. In this guide, we will walk you through all the effective troubleshooting methods step by step.
How to Fix Active Directory Not Showing BitLocker Recovery Key Tab
1. Install BitLocker Recovery Password Viewer
The most common reason for the missing recovery tab is that the BitLocker Recovery Password Viewer feature is not installed on the server or management workstation.
- Open Server Manager.
- Click Manage in the top-right corner.
- Select Add Roles and Features.
- Click Next until you reach the Features section.
- Expand:
  Remote Server Administration Tools > Feature Administration Tools > BitLocker Drive Encryption Administration Utilities
- Enable:
  BitLocker Recovery Password Viewer
- Click Next.
- Select Install.
- Restart the server if prompted.
After installation, reopen Active Directory Users and Computers and check whether the BitLocker Recovery tab appears.
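The same install, as an added PowerShell example that is not part of the original guide, for a Windows Server where you would rather script the check than click through Server Manager. It assumes the RSAT feature identifier RSAT-Feature-Tools-BitLocker-BdeAducExt (the BitLocker Recovery Password Viewer); confirm the name on your build with Get-WindowsFeature before relying on it.

```powershell
# Added example: check for the BitLocker Recovery Password Viewer feature and install it if absent.
# Run in an elevated PowerShell session on the server or management workstation.
function Ensure-BitLockerRecoveryViewer {
    [CmdletBinding()]
    param(
        # Assumed Server Manager identifier of the ADUC extension that provides the BitLocker Recovery tab.
        [string]$FeatureName = 'RSAT-Feature-Tools-BitLocker-BdeAducExt'
    )
    Import-Module ServerManager -ErrorAction Stop

    $feature = Get-WindowsFeature -Name $FeatureName -ErrorAction Stop
    if ($feature.Installed) {
        Write-Host "$FeatureName is already installed."
        return $feature
    }

    Write-Host "Installing $FeatureName ..."
    $result = Install-WindowsFeature -Name $FeatureName -ErrorAction Stop
    if (-not $result.Success) {
        throw "Installation of $FeatureName failed (exit code: $($result.ExitCode))."
    }
    if ($result.RestartNeeded -eq 'Yes') {
        Write-Warning 'A restart is required before the tab will appear in ADUC.'
    }
    return (Get-WindowsFeature -Name $FeatureName)
}

# Lists the related BitLocker RSAT features first so the name can be verified, then installs.
Get-WindowsFeature -Name 'RSAT-Feature-Tools-BitLocker*' | Format-Table Name, Installed -AutoSize
Ensure-BitLockerRecoveryViewer
```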
2. Enable Advanced Features in Active Directory Users and Computers
The recovery information may not appear unless Advanced Features is enabled in ADUC.
- Open Active Directory Users and Computers.
- Click the View menu at the top.
- Select Advanced Features.
- Locate the target computer object.
- Right-click the computer and select Properties.
- Check whether the BitLocker Recovery tab is visible.
If the tab is still missing, continue with the next method.
3. Verify BitLocker Recovery Keys Are Stored in Active Directory
The tab may not appear if the computer has not backed up its recovery keys to Active Directory.
- Open Command Prompt as administrator on the client computer.
- Run the following command:
  manage-bde -protectors -get C:
- Verify that BitLocker protection is on and note the ID of the Numerical Password protector listed in the output.
- Next, run:
  manage-bde -protectors -adbackup C: -id {RecoveryKeyID}
  Replace {RecoveryKeyID} with the actual ID (including the braces) of the Numerical Password protector displayed by the previous command.
- Wait for the backup process to complete.
After backing up the recovery key, check Active Directory again.
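The same backup done with the client's built-in BitLocker PowerShell module, as an added example that is not part of the original guide. It goes slightly beyond the manual step: instead of copying one protector ID by hand, it backs up every recovery-password protector on the volume and refuses to run when protection is off or no recovery password exists.

```powershell
# Added example: back up all recovery password protectors on a volume to AD DS.
# Run in an elevated PowerShell session on the domain-joined client.
function Backup-RecoveryPasswordsToAD {
    [CmdletBinding()]
    param([string]$MountPoint = 'C:')

    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($volume.ProtectionStatus -ne 'On') {
        throw "BitLocker protection is not On for $MountPoint (status: $($volume.ProtectionStatus))."
    }

    # Only numerical (recovery password) protectors are written to AD DS; TPM protectors are not.
    $recoveryProtectors = @($volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    if ($recoveryProtectors.Count -eq 0) {
        throw "$MountPoint has no recovery password protector; add one with Add-BitLockerKeyProtector -RecoveryPasswordProtector first."
    }

    foreach ($protector in $recoveryProtectors) {
        # KeyProtectorId is the braced GUID that manage-bde -protectors -get prints for the protector.
        $id = $protector.KeyProtectorId
        Write-Host "Backing up protector $id to Active Directory ..."
        # Equivalent of: manage-bde -protectors -adbackup <drive> -id <id>
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $id -ErrorAction Stop | Out-Null
    }
    Write-Host "Backed up $($recoveryProtectors.Count) recovery password protector(s). Allow AD replication before checking ADUC."
}

Backup-RecoveryPasswordsToAD -MountPoint 'C:'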
4. Verify Group Policy Settings
If Group Policy is not configured correctly, Windows may not store BitLocker recovery keys in Active Directory.
- Press Windows + R.
- Type gpedit.msc and press Enter.
- Navigate to:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption
- Open the appropriate drive type policy:
  - Operating System Drives
  - Fixed Data Drives
  - Removable Data Drives
- Double-click:
  Choose how BitLocker-protected drives can be recovered
- Enable the policy.
- Check:
  Save BitLocker recovery information to Active Directory Domain Services
- Enable:
  Store recovery passwords and key packages
- Click Apply and then OK.
- Run the following command in Command Prompt:
  gpupdate /force
Restart the client computer afterward.
5. Verify Active Directory Schema Supports BitLocker
Older Active Directory environments may not include the required BitLocker schema extensions.
- Open Command Prompt on the domain controller.
- Run the following command, replacing dc=domain,dc=com with the components of your own domain name:
  dsquery * "cn=Schema,cn=Configuration,dc=domain,dc=com" -scope base -attr objectVersion
- Verify that the reported Active Directory schema version supports BitLocker recovery storage.
Modern Windows Server versions already include the required schema extensions by default.
If your environment uses an older schema, you may need to extend it manually.
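A PowerShell version of the schema check, added here as an example that is not part of the original guide. Rather than relying on the version number alone, it also confirms that the msFVE-RecoveryInformation class actually exists in the schema, which is the definitive test; the version-to-release mapping in the comments is general Windows Server knowledge, not taken from this page.

```powershell
# Added example: report the schema objectVersion and whether the BitLocker recovery class exists.
# Requires the ActiveDirectory module (RSAT) and read access to the schema partition.
function Test-BitLockerSchemaSupport {
    [CmdletBinding()]
    param()
    Import-Module ActiveDirectory -ErrorAction Stop

    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $schema   = Get-ADObject -Identity $schemaNC -Properties objectVersion
    $version  = [int]$schema.objectVersion

    # Known schema levels. Windows Server 2008 (44) was the first to ship the BitLocker
    # classes; earlier forests need the schema extension applied manually.
    $knownVersions = @{
        30 = 'Windows Server 2003';    31 = 'Windows Server 2003 R2'
        44 = 'Windows Server 2008';    47 = 'Windows Server 2008 R2'
        56 = 'Windows Server 2012';    69 = 'Windows Server 2012 R2'
        87 = 'Windows Server 2016';    88 = 'Windows Server 2019/2022'
    }
    $level = if ($knownVersions.ContainsKey($version)) { $knownVersions[$version] } else { 'unknown' }

    # The class that stores recovery passwords; its lDAPDisplayName is what later queries filter on.
    $class = Get-ADObject -SearchBase $schemaNC -SearchScope OneLevel `
        -Filter 'lDAPDisplayName -eq "msFVE-RecoveryInformation"'

    [pscustomobject]@{
        SchemaNamingContext = $schemaNC
        ObjectVersion       = $version
        SchemaLevel         = $level
        HasRecoveryClass    = [bool]$class
    }
}

$result = Test-BitLockerSchemaSupport
$result | Format-List
if (-not $result.HasRecoveryClass) {
    Write-Warning 'msFVE-RecoveryInformation is not in the schema; extend the schema before keys can be stored.'
}
```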
6. Restart Active Directory Services
Temporary AD-related glitches may prevent the recovery tab from displaying properly.
- Press Windows + R.
- Type services.msc and press Enter.
- Restart the following services if available:
  - Active Directory Domain Services
  - Active Directory Web Services
- Close and reopen ADUC afterward.
You may also restart the domain controller if necessary.
7. Check Replication Status
If Active Directory replication is failing, the recovery information may not appear on all domain controllers.
- Open Command Prompt as administrator.
- Run the following command:
  repadmin /replsummary
- Review the replication results for errors.
- Resolve any replication issues reported.
- Wait for replication to complete across domain controllers.
After replication finishes, verify whether the recovery tab appears.
8. Use PowerShell to Verify Stored Recovery Keys
You can confirm whether recovery information exists in Active Directory using PowerShell.
- Open Windows PowerShell as administrator.
- Run the following command:
  Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"'
- Review the output.
If recovery objects are listed, BitLocker keys are stored successfully in Active Directory.
If no results appear, the client computer may not have backed up the recovery information properly.
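A narrower version of that query, added as an example that is not part of the original guide: it lists the recovery objects stored under one computer account, which is exactly what the BitLocker Recovery tab in ADUC reads. It reports the recovery GUID and creation time but deliberately does not retrieve msFVE-RecoveryPassword, so the check can be run for auditing without pulling the password itself. The computer name WS-001 is a constructed placeholder.

```powershell
# Added example: show the msFVE-RecoveryInformation objects stored under a computer account.
# Requires the ActiveDirectory module and read permission on the recovery objects.
function Get-StoredBitLockerRecoveryInfo {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$ComputerName)
    Import-Module ActiveDirectory -ErrorAction Stop

    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop

    # Recovery objects are children of the computer account, one per backed-up recovery password.
    # msFVE-RecoveryPassword is intentionally not requested here.
    $objects = @(Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
        -Properties 'msFVE-RecoveryGuid', 'msFVE-VolumeGuid', whenCreated)

    if ($objects.Count -eq 0) {
        Write-Warning "No recovery objects under $($computer.DistinguishedName). Re-run the AD backup on the client and allow replication."
        return
    }

    # Octet-string attributes are returned as byte[]; convert them to the GUID form manage-bde shows.
    $toGuid = { param($bytes) if ($bytes) { ([guid]::new([byte[]]$bytes)).Guid } else { $null } }

    foreach ($obj in $objects) {
        [pscustomobject]@{
            Computer     = $computer.Name
            RecoveryGuid = & $toGuid $obj.'msFVE-RecoveryGuid'
            VolumeGuid   = & $toGuid $obj.'msFVE-VolumeGuid'
            StoredAt     = $obj.whenCreated
            ObjectName   = $obj.Name   # CN has the form "<timestamp>{<recovery GUID>}"
        }
    }
}

Get-StoredBitLockerRecoveryInfo -ComputerName 'WS-001' | Format-Table -AutoSize
```

If objects exist here but the tab still shows nothing, the problem is on the viewing side (missing Recovery Password Viewer or insufficient read permission on these objects), not on the client's backup.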
9. Reinstall RSAT Tools
Corrupted or incomplete RSAT installations can sometimes prevent the BitLocker tab from appearing.
- Open Settings.
- Navigate to Apps > Optional features.
- Remove:
  RSAT: Active Directory Domain Services and Lightweight Directory Services Tools
- Restart your computer.
- Return to Optional features.
- Reinstall the RSAT tools.
- Open ADUC again and check the computer object properties.
10. Update Windows Server and RSAT Components
Outdated management tools can sometimes cause compatibility issues.
- Open Settings.
- Navigate to Windows Update.
- Click Check for updates.
- Install all available updates.
- Restart the server or workstation.
Keeping Windows Server and RSAT tools updated ensures compatibility with BitLocker management features.
Conclusion
The missing BitLocker Recovery tab in Active Directory is usually caused by missing BitLocker Recovery Password Viewer components, incorrect Group Policy settings, schema limitations, or replication issues. In most cases, installing the BitLocker Recovery Password Viewer feature and enabling Advanced Features in ADUC resolves the problem quickly.
If the issue continues even after trying all the methods above, verify that BitLocker recovery keys are actually being backed up to Active Directory and confirm that your domain environment supports BitLocker recovery integration properly.