Allow removable media keys to be saved to just MBAM
We have a number of users who use BitLocker for removable drive encryption. We would like to be able to save our BitLocker keys to just MBAM and not go through AD. We had an issue in the past where BitLocker keys kept replicating in AD and almost brought down the forest. For that reason we moved keys to MBAM, but currently Microsoft does not allow you the option to save removable drive keys to just MBAM. Having this option would be a huge asset, as we would like to not save them to AD. Really, the only option currently is to save them to AD or have the user save them locally. If you could please work on this option, that would be great!
Ben Grant commented
The NTDS.DIT file is with you for the life of your forest. That's why it's important to inspect your DIT regularly and look for signs of unexpected growth. If your DIT is too big, it hurts everyone.
One thing I forgot to mention is that the issue is that when we back up to just MBAM, we cannot hide the recovery option from the user. If we can have the GPO changed to hide the recovery option from the user and only back up to MBAM, that would be awesome! Thanks