If you are a domain admin you should be able to view the key just fine with
that script. is that not what you are seeing?
The key uses the new capabilities build in the SP1 to protect it...
you can also delegate authority to the object (you will notice the key is a
sub object of the compter object if you really go hunting) be sure to
provide "control access" and "read property" to the group you want to
delegate to read the key.
"BddWdsAdmin" <LetsMach@gmail.com> wrote in message
> Hi all, I am trying to recovery (as a test) the bitlocker key that was
> stored in AD
> I have extended the Ad schema and ran the ListAces.vbs from the
> Bitlocker guide and get the expected output.
> When I run this: cscript Get-BitLockerRecoveryInfo.vbs I do not get
> any output.
> Has anyone tried this with success?