BitLocker Recovery Key in AD - Purge old keys?
Is it possible to delete old recovery keys that are stored in the AD Computer objects? Is there a limit to the number of keys that can be stored in such an object?
Storing the BitLocker key in AD changes the computer account from a leaf object to a container object. The BitLocker key is stored as a child object to the related computer parent.
I'm not aware of any limits. To delete, you would address it as a child of the parent object. By default, deleting computers with child objects is disabled and needs to be enabled, so I'm sure it is the same with the children.
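
As an added example (not part of the original posts), this PowerShell sketch lists the recovery-key child objects under a computer account and removes all but the newest per volume. It assumes the RSAT ActiveDirectory module and delete rights on those child objects; the function names, `PC-EXAMPLE01` and `$KeepNewest` are placeholders chosen for illustration.

```powershell
# Added example. Recovery keys are child objects of class msFVE-RecoveryInformation
# directly beneath the computer object, so they are addressed via the computer's DN.
Import-Module ActiveDirectory

function Get-BitLockerRecoveryObject {
    param([Parameter(Mandatory)][string]$ComputerName)
    $computer = Get-ADComputer -Identity $ComputerName
    Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
        -Properties whenCreated, 'msFVE-VolumeGuid'
}

function Remove-OldBitLockerRecoveryObject {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$KeepNewest = 1   # assumption: newest N per volume are the ones to keep
    )
    # Group per encrypted volume so a data drive's only key is not removed
    # just because the OS drive has a newer one.
    $groups = Get-BitLockerRecoveryObject -ComputerName $ComputerName |
        Group-Object {
            $raw = $_.'msFVE-VolumeGuid'
            if ($raw) { ([guid]::new([byte[]]$raw)).ToString() } else { 'unknown' }
        }
    foreach ($g in $groups) {
        $g.Group | Sort-Object whenCreated -Descending |
            Select-Object -Skip $KeepNewest |
            ForEach-Object {
                if ($PSCmdlet.ShouldProcess($_.DistinguishedName, 'Remove recovery object')) {
                    # Leaf object, so no -Recursive is needed.
                    Remove-ADObject -Identity $_.DistinguishedName -Confirm:$false
                }
            }
    }
}

# Review what is stored, then do a dry run before any real deletion:
# Get-BitLockerRecoveryObject -ComputerName 'PC-EXAMPLE01' |
#     Sort-Object whenCreated | Select-Object Name, whenCreated
# Remove-OldBitLockerRecoveryObject -ComputerName 'PC-EXAMPLE01' -WhatIf
```

The newest stored object is not guaranteed to match the protector currently on the disk, so compare the kept object's name against the protector ID shown by `manage-bde -protectors -get C:` on the machine before running without `-WhatIf`.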