Finding your Bitlocker Recovery Key in Azure AD

When you Azure AD join your device and activate Bitlocker, you get the option to store the Recovery Key in Azure AD.

If you ever wonder where to find them, they are all available from the Details Window for your registered devices in the Azure AD Management Portal.

A few easy steps to get there

  1. Open Azure AD in the Management Portal
  2. Open the Users tab and search/browse for the account you need to find recovery key for, then open it.
  3. Go to the Devices tab, and in the View box, select Devices.
  4. Select the affected device, and click View Details.
    All registered keys should be visible




Joining objects in MIM when you have to calculate the matching attributes

Had a case this other day where we where unable to get a unique identifier from the different source systems, and all of these where to enter the same Windows AD.

The case

We have multiple countries with the same HR system each (Same system, but different databases). In all countries’ databases, the employee number stated on 10001. To solve this, we chose to prefix the employee number upon import. This isn’t a big deal, but it’s a bit more tricky when we need to make sure that a join is successful.


Not that tricky, but it takes time if you don’t know where to start, right?

As we have chosen to use Employee ID as the linked attribute, we decided to use this attribute for joining also. Why make it more complicated than we need to?

To begin, create a Management Agent Extension, and add the following Join rules there

void IMASynchronization.MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values)
    switch (FlowRuleName)
        case "JoinEmployeeID":
            if ((csentry["employeeID"] != null) || (csentry["employeeID"].StringValue != ""))
                String emloyeeIdWithPrefix = "NO" + csentry["employeeID"].StringValue;
                throw new Exception(String.Format("EmployeeID can't be blank!"));
            throw new EntryPointNotImplementedException();

Then configure the following join rules on the Management Agent

Data Source Object Type Join Project Comment
Person Yes Yes
Mapping Group Action Metaverse Object Type Resolution
1 Join Person No
Data Source Attribute Mapping Type Metaverse Attribute Comment
employeeID Rules Extension – JoinEmployeeID employeeID See join extension rule
Use rules extension to resolve False

Thanks, and hope this could help someone else also🙂

You don’t have to be developer to follow //Build

It’s just a few hours till //Build Keynote, and the hottest developer conference in 2016 kicks off. But how about us IT Pros?

After skimming over the agenda, I see that not all of them are just for hard core developers. There is actually quite a few sessions that at least I find extra interesting. Below you can see the session I will be following, not all will be live, but hopefully most of them will be available on demand later on🙂

For a complete list of all Channel9 live session, check this filter at

Join me watching these videos, and lets prepare for Ignite 2016 later this year🙂


Turing my Surface Pen into a presenter tool

I’ve finally replaced my Lenovo W540 laptop with an Surface Pro 3, and I love it! There is just one catch. The single USB port is always in use, and my Presenter tool is using just that. So a small hope started growing in me; Can I use my Surface Pen as a Presenter tool?

A few Bing searches later, and AutoHotkey is my new favorite tool. It allows us to write scripts that executes based on, well, hotkeys. Another quick search teached me that the Top button sends keystroke F19 and F20. Double-click is F19 and a single click is F20.

After some minutes with the AutoHotkey Help document the following script was born

#NoEnv  ; Recommended for performance and compatibility with future AutoHotkey releases.
; #Warn  ; Enable warnings to assist with detecting common errors.
SendMode Input  ; Recommended for new scripts due to its superior speed and reliability.
SetWorkingDir %A_ScriptDir%  ; Ensures a consistent starting directory.

#IfWinActive ahk_class screenClass
  Send, {Right}

  Send, {Left}

Thanks to the #IfWinActive line, the pen also works as it’s suposed to do while not presenting.

That’s it. Now I’m able to go forward and backward in a presentation by clicking the Surface Pen Top button. A few tests shows that the range is up to about 10 meters, so most stages should be covered.

To get started yourseft, please make a visit🙂