$creds = get-credential Test-ComputerSecureChannel -Repair -credential $creds
To bind a machine to the domain, rename it and put it in the desired OU:
Add-Computer -DomainName $FQDN -NewName $COMPUTERNAME -Credential $DOMAINBINDACCOUNT -OUPath "OU=SOMEOU, DC=test, DC=com" -restart
To replace an AD Computer object’s Description field:
$description = "This is a test description" $ADComputer = get-adcomputer <ENGS-XXXX> -properties Description Set-ADComputer $ADComputer -Description "$($ADComputer.Description) $description"
First set the OU containers permissions to allow the NTSELF user of systems to write back TPM-ownerinformation, required when first initializing the TPM client:
1. Open Active Directory Users and Computers.
2. Select the OU where you have all computers which will have Bitlocker turned ON.
3. Right Click on the OU and click Delegate Control.
4. Click Next and then click Add.
5. Type SELF as the Object Name.
6. Select create a custom task to delegate.
7. From the object in the folder, select Computer Objects.
8. Under show these permissions, select all 3 checkbox.
9. Scroll down in permissions and select the attribute Write msTPM-OwnerInformation.
10. Click Finish.
11. CUSTOM: Now add the computer to the AD Group named “bitlocker”
12. CUSTOM: Finally power up client, turn on TPM and then initialize TPM in Windows
13. CUSTOM: Enable bitlocker (must be logged in as local/domain admin) and check AD comp object for keys
Next follow the MS article on configuring AD / Bitlocker
To manage the keys you’ll need to register the BitLocker viewer from RSAT as detailed by MS here http://support.microsoft.com/kb/928202
Must be run as a domain admin: regsvr32.exe BdeAducExt.dll
Change the value:
Discovered this thread which mentions using PowerShell to reset the machine password, if you haven’t completed the registry change:
Open PowerShell as administrator. Run this command sequence:
$credential = Get-Credential
(enter domain admin account when prompted)
Reset-ComputerMachinePassword -Server <<YOUR DC NAME HERE>>