3

I've strange issue with double bitlocker tab having exactly same look. Any idea how I can remove one?

enter image description here

MadBoy
  • 3,725
  • 15
  • 63
  • 94

1 Answers1

5

Witnessed on several domains that have gone through upgrades from 2008 to 2012.

The fix outlined below will remove the duplicate BitLocker Recovery tab in ADUC and the duplicate Action > Find BitLocker recovery password Action menu option when running ADUC in an English locale only. For other language locales, the process is the same but a different path is used.

Remove Duplicate BitLocker Recovery Tab

  1. Open ADSI Edit, right-click on ADSI Edit top level node, click Connect to...
  2. Select a well known Naming Context: Configuration, click OK. Do not select the Default Naming Context (which is Domain), we want Configuration.
  3. Drill down to Configuration > DisplaySpecifiers > 409 and open up the computer-Display container.
    • Substitute 409 for other hex code for other (than English) locales.
  4. In the Attribute Editor tab, open adminPropertyPages, select 14,{2FB1B669-59EA-4F64-B728-05309F2C11C8}, and click Remove.
    • Note that two {2FB1B669-59EA-4F64-B728-05309F2C11C8} entries exist in this attribute. We are removing one of them. In cases where integer prefix is not 13,{GUID} and 14,{GUID} - find yours and remove the greater integer entry.

BitLocker Recovery Tab Removal Process

Remove Duplicate Action > Find BitLocker recovery password Menu Option

  1. Keep ADSI Edit open.
  2. Drill down to Configuration > DisplaySpecifiers > 409 and open up the domainDNS-Display container.
    • Substitute 409 for other hex code for other (than English) locales.
  3. In the Attribute Editor tab, open adminContextMenu, select 4,{2FB1B669-59EA-4F64-B728-05309F2C11C8}, and click Remove.
    • Note that two {2FB1B669-59EA-4F64-B728-05309F2C11C8} entries exist in this attribute. We are removing one of them. In cases where integer prefix is not 3,{GUID} and 4,{GUID} - find yours and remove the greater integer entry.

Find BitLocker recovery password Removal Process

After completing the removals wait for Active Directory replication to complete and open/re-open ADUC on a replicated domain controller. The changes only need to be made once per forest since changes are in the Configuration NC.

Additional Reference

https://support.microsoft.com/en-us/help/928202/how-to-use-the-bitlocker-recovery-password-viewer-for-active-directory

Weaver
  • 1,952
  • 12
  • 13