Backing Up BitLocker and TPM to AD after it's been enabled
Step 1) I am looking for a way to resend the TPM and BitLocker information to AD after a system has been encrypted. I have found the BitLocker part (http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx), which works well. The missing piece of the puzzle is how to resend the TPM information to AD.
Step 2) Once we are able to figure out how to do this manually, I would like to figure out a way to script this as a computer logon script to ensure any missing info is backed up to AD.
Has anyone done this already or have any suggestions? I have already found a few reasons why I cannot trust that AD has the information properly stored.
August 13th, 2010 12:28am

Hi, I would like to share:
How do I use AD DS or Active Directory to back up BitLocker recovery information?
Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information
BTW, I recommend that you post in the Windows Server Security forums for better assistance.
Best Regards
Dale
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 18th, 2010 11:49am

Thanks for the info. I have already followed those guides and configured AD for these needs. The problem comes in where BitLocker and TPM only send the key information one time, when you first turn it on. So PCs that were configured prior to AD being set up do not store their information. Sometimes PCs are removed from the domain and rejoined, creating a new computer object and losing the information stored. My thought was a script to resend the keys to AD to ensure they are backed up in these scenarios. I will look around in the security forums.
August 23rd, 2010 7:15pm
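
One way to script the BitLocker half of what the thread asks for, as an added example that is not part of the original posts: a startup script that re-sends every recovery password protector on the machine to AD DS. It assumes the BitLocker PowerShell module (Get-BitLockerVolume, Backup-BitLockerKeyProtector) is present, that the script runs elevated (for example as a Group Policy computer startup script), and that policy already permits recovery information to be stored in AD DS; the log path is a hypothetical name, and TPM owner information is not covered.

```powershell
# Added example, not from the thread: re-send BitLocker recovery passwords to AD DS.
# Assumption: runs elevated, e.g. as a GPO computer startup script (SYSTEM context).
$logPath = Join-Path $env:ProgramData 'BitLockerAdBackup.log'   # hypothetical log location

function Write-Log([string]$Message) {
    # Timestamped line; the recovery password itself is never written to the log.
    Add-Content -Path $logPath -Value ("{0:s} {1}" -f (Get-Date), $Message)
}

# Only a domain-joined machine has a computer object to hold the recovery information.
if (-not (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
    Write-Log 'Not domain-joined; nothing to back up.'
    return
}

foreach ($volume in Get-BitLockerVolume) {
    # Skip volumes that are not encrypted at all.
    if ($volume.VolumeStatus -eq 'FullyDecrypted') { continue }

    # Only numerical recovery passwords are backed up to AD DS.
    $recovery = @($volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # An encrypted volume without a recovery password is worth flagging.
        Write-Log "$($volume.MountPoint): encrypted but has no recovery password protector."
        continue
    }

    foreach ($protector in $recovery) {
        try {
            Backup-BitLockerKeyProtector -MountPoint $volume.MountPoint `
                -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
            Write-Log "$($volume.MountPoint): backed up protector $($protector.KeyProtectorId)."
        }
        catch {
            # Typical causes: no domain controller reachable, or policy/ACLs not in place.
            Write-Log "$($volume.MountPoint): backup of $($protector.KeyProtectorId) failed: $($_.Exception.Message)"
        }
    }
}
```

On Windows 7, where these cmdlets are not available, the equivalent per-protector command is `manage-bde -protectors -adbackup` with the protector ID.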

This topic is archived. No further replies will be accepted.
