Attempt to reconstruct critical parts of a severely damaged BitLocker drive and salvage any recoverable data. Requires that the drive was encrypted using BitLocker and has a valid recovery password or recovery key for decryption.
Syntax
repair-bde inputvolume outputvolumeorimage [-rk] [-rp] [-pw] [-kp] [-lf] [-f] [{-?|/?}]
Key
inputVolume
The drive letter of the BitLocker-encrypted drive to repair.
For example C: or F:
outputVolumeOrImage
The drive on which to store the content of the repaired drive
All information on the output drive will be overwritten.
-recoveryKey
-rk
The location of the recovery key that should be used to unlock the volume.
-recoveryPassword
-rp
The numerical recovery password that should be used to unlock the volume.
For home users, typically stored in your Microsoft account aka.ms/myrecoverykey
The recovery password must be entered as eight hyphen-separated blocks of six digits.
123456-223456-323456-423456-523456-623456-723456-823456
-password
-pw
The password that should be used to unlock the volume.
-keyPackage
-kp
The recovery key package that can be used to unlock the volume.
-logFile
-lf
The path to the file that will store Repair-bde error, warning, and information messages.
-force
-f
Force a volume to be dismounted even if it cannot be locked.
-? or /? Display help.
If the path to a key package isn't specified (-kp), this command will search the drive for a key package.
In the event that the hard drive is damaged, this command might not be able to find the package and will prompt you to provide the path.
Recover Passwords from AD DS or Entra ID. Using the key package and either the recovery password or recovery key, you can decrypt portions of a BitLocker-protected drive, even if the disk is corrupted. Each key package works only for a drive with the corresponding drive identifier.
Important: when running the repair-bde command, the contents of the output volume will be completely deleted and overwritten by the decrypted contents from the damaged BitLocker drive. To save any existing data on the target drive, back it up first, before running the repair-bde command.
Repair-BDE was first available in Windows 7 and Windows Server 2008 R2.
Aattempt to repair drive C: write the content from drive C: to drive D: using the recovery key file (RecoveryKey.bek) stored on drive F:, and write the results of this attempt to the log file (log.txt) on drive Z:
repair-bde C: D: -rk F:\RecoveryKey.bek -lf Z:\log.txt
Attempt to repair drive C: and to write the content from drive C: to drive D: using the 48-digit recovery password specified, type:
repair-bde C: D: -rp 111111-222222-333333-444444-555555-666666-777777-888888
Force drive C: to dismount, attempt to repair drive C: and then to write the content from drive C: to drive D: using the recovery key package and recovery key file (RecoveryKey.bek) stored on drive F:
repair-bde C: D: -kp F:\RecoveryKeyPackage -rk F:\RecoveryKey.bek -f
“For every dollar you spend purchasing something substantial, expect to pay a dollar in repairs, maintenance, or disposal by the end of its life”
BdeHDcfg - Prepare a hard drive with the partitions necessary for BitLocker Drive Encryption.
Manage-BDE - Configure BitLocker Drive Encryption on disk volumes.
PowerShell: Enable-BitLocker / Suspend-BitLocker / Get-BitLockerVolume