cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jrwsweeper
Engaged Sweeper
Hi,

I am new to LANsweeper and running reports in LAN sweeper.

I have created the Find Active Directory BitLocker Recovery Keys report found here.
https://www.lansweeper.com/report/active-directory-bitlocker-recovery-keys-audit/

The report does a great job of listing the computer assets and the recovery keys for BitLocker. However it is not listing all the assets/systems that I know for a fact have a BitLocker recovery key (which is backed up in Active Directory). I picked one of the assets that should show up in the report that I know has an Active Directory key backed up in Active Directory and Rescanned the Asset a couple of times and then ran the Active Directory BitLocker Recovery Keys report again but the missing asset/system did not appear in the report even after scanning it.

What could cause some assets that should be appearing in a LAN sweeper report to not be listed?
3 REPLIES 3
jrwsweeper
Engaged Sweeper
I just ran the "Active Directory: Assets overview" report.

The first two columns that I see are "ExistsInAD" and "EnabledInAD".

About half of our assets appear with True and True in these columns.

The other half of our assets appear in this "Active Directory: Assets overview" report with False and False in these first two columns. However if I open Active Directory Users and computers I can see these same computers that LANsweeper has ExistsInAD False and EnabledInAD False listed right there in Active Directory.

What could case these computer assets that I see in ADUC to have False and False in the "ExistsInAD" and "EnabledInAD" columns for the "Active Directory: Assets overview" report?
jrwsweeper
Engaged Sweeper
For my desktop I just recently (almost 24 hours ago) manually backed up the BitLocker keys because they were not manually backing up using GPO rules for this specific desktop.

I used the manual commands
manage-bde -protectors c: -get
manage-bde -protectors c: -adbackup -id

For my laptop the BitLocker key has been backed up in Active Directory for weeks but the LANsweeper Active Directory Bitlocker Recovery Keys Query is not including it in the results. We have about 100 desktops/laptops and they all have BitLocker enabled but only a portion of them are showing in the LANsweeper Active Directory Bitlocker Recovery Keys Query report and I have checked some of the ones missing from the report and I see their BitLocker keys backed up in Active Directory.

I think this reporting feature in LANsweeper is very cool and useful but I am not sure why it is breaking in some cases and how to fix it so I can rely more on LANsweeper for reporting and information gathering.
looktall
Engaged Sweeper III
How long ago were the keys uploaded into AD?
I find that LS can take up to 24 hours to pick up bitlocker keys in my setup.