I have a Windows Server 2012 R2 DC with a Windows 10 machine that is part of the domain. I configured BitLocker to store recovery keys in Active Directory using this tutorial.
When I try to encrypt a USB stick with the domain admin account, everything works fine and I get the key stored in AD.
manage-bde -on x: -rp -used
If I try the same operation with a normal user (elevated prompt with local admin account) I got this error: ERROR: An error occurred (code 0x8031000a): The Active Directory Domain Services forest does not contain the required attributes and classes to host BitLocker Drive Encryption or Trusted Platform Module information. Contact your domain administrator to verify that any required BitLocker Active Directory schema extensions have been installed.
I think that it's a privilege problem but I don't know what to do. Any thoughts? Thanks.