Failure to encrypt with BitLocker as a non-admin user

-1

I have a Windows Server 2012 R2 DC with a Windows 10 machine that is part of the domain. I configured BitLocker to store recovery keys in Active Directory using this tutorial.

When I try to encrypt a USB stick with the domain admin account, everything works fine and the key gets stored in AD.

manage-bde -on x: -rp -used

If I try the same operation with a normal user (elevated prompt with a local admin account), I get this error:

ERROR: An error occurred (code 0x8031000a): The Active Directory Domain Services forest does not contain the required attributes and classes to host BitLocker Drive Encryption or Trusted Platform Module information. Contact your domain administrator to verify that any required BitLocker Active Directory schema extensions have been installed.

I think that it's a privilege problem, but I don't know what to do. Any thoughts? Thanks.

windows
active-directory
bitlocker
windows-server-2012-r2
asked on Super User Sep 21, 2018 by kikolol

0 Answers

Nobody has answered this question yet.
