Is there an event log entry recorded on the client computer to indicate the success or failure of the Active Directory backup?
Yes, an event log entry that indicates the success or failure of an Active Directory backup is recorded on the client computer. However, even if an event log entry says “Success,” the information could have been subsequently removed from AD DS, or BitLocker could have been reconfigured in such a way that the Active Directory information can no longer unlock the drive (such as by removing the recovery password key protector). In addition, it is also possible that the log entry could be spoofed. Ultimately, determining whether a legitimate backup exists in AD DS requires querying AD DS with domain administrator credentials by using the BitLocker password viewer tool.
Related Questions
- Is there an event log entry recorded on the client computer to indicate the success or failure of the Active Directory backup?
- Why not show computer name in the log file when the client coming from a remote network?
- What is the status of the data (registered user and event log) in case of power failure?