Tom’s AD Bitlocker Password Audit

Audit your Bitlocker implementation by reviewing your Bitlocker Recovery Passwords in your Active Directory and quickly detect machines with missing recovery passwords.


Toms AD Bitlocker Password Audit

Screenshot of Tom’s AD Bitlocker Password Audit running on Windows 10. Screenshot shows a list of computers and their associated Bitlocker Recovery Keys for a selected Organizational Unit. (Click Image to see it Full Size)

Tom’s AD Bitlocker Password Audit is a free Windows utility used to audit your Bitlocker recovery passwords that are stored in Active Directory by querying for all or selected computer objects and returning their recovery password and volume information in a grid-view format giving you a quick overview of the status of your current password recovery capabilities.

If you have configured your BitLocker Full Volume Encryption to back up recovery information for BitLocker-protected drives to Active Directory Domain Services (AD DS) the backed up BitLocker recovery information is stored in a child object of the computer object. Tom’s AD Bitlocker Password Audit enumerates all of the computer objects for your entire Active Directory or for a selected Organizational Unit and retrieves and displays the Bitlocker recovery password in a spreadsheet like format that can easily be filtered and sorted. This makes it easy to answer audit questions such as:

I’ve just implemented Bitlocker, but how do I know that the recovery passwords are being populating for all of my computers?

How can I identify machines that have problems with the Bitlocker process?

How can I identify which machines do NOT have a recovery password?


  • View and audit Bitlocker Recovery Passwords for entire domain or selected Organizational Units
  • Displays audit data in easy to read Gridview format
  • Innovative user interface allows you to easily group, search, and filter your audit data
  • Supports computer objects with multiple encrypted volumes and Bitlocker-To-Go
  • Supports auditing of Recovery Passwords in Active Directory Recycle Bin
  • Copy selected Recovery Password to Clipboard
  • Optionally export data to Microsoft Excel (XLSX) or Comma Separated Values (CSV) files for auditing using third-party software

Tom’s AD Bitlocker Password Audit is used by organizations all over the world to audit their Bitlocker implementations.


Windows LogosLicense:
Freeware (End User License Agreement)

Microsoft .NET Framework 4.5.2
Bitlocker Active Directory Recovery Password Viewer (included with the Remote Server Administration Toolkit (RSAT)

Tom’s AD Bitlocker Password Audit, Version (64-bit) (MD5: cb544b7ba29c8c8495c18ef985586e27)


Looking for the Console Edition?

Pin It on Pinterest

Share This