I have some machines I am working on to get BotLocker set up. We have all the Schema updates and the Group Policies on the server are set. The issue is that some of the machines work fine, but ithers will not back up the recovery info to AD. I use the manage-bde -protectors -adbackup c: -id xxxxxxxxx and get a message that says "Group policy does not permit the storage of recovery information to Active Directory. The operation was not attempted." But on other machines the command functions fine. All the machines have been freshly imaged to Win7 Ultimate using MDT. I have tried gpupdate /force but it still does not work.

Hi, Do the problematic machines have the same hardware configuration as the working machines? Is BitLocker TPM enabled on the problematic machine? Please compare the difference between those machines, such as hardware and Group Policy. Then, assure Group Policy is the same on these machines. Meanwhile, please also refer to the following article: Backing Up BitLocker and TPM Recovery Information to AD DS Thanks, Novak