
I purposely ran a dsregcmd script in an effort to fix a Teams issue. The goal was to disconnect then rejoin to see if that solved the issue. Once I restarted my PC my password no longer worked and I am now locked out of the PC.

Nicol Drayton 40 Reputation points
2026-03-31T18:42:09.5166667+00:00

I use that PC for my consulting work and so have many files that I do not necessarily want to lose because they are not backed up to OneDrive. I can access that business subscription of Microsoft 365 from my personal PC but it's the files on the hard drive that I can't access.
I can't find a BitLocker key anywhere as the device is not showing up in my Admin center - only my personal PC. I can bypass the BitLocker key screen and go to a recovery environment for the command center but I don't know what I can do from there. I feel that the key is to reconnect to be able to do dsregcmd /join for the device to appear and to possibly then find the BitLocker key, but the command center doesn't seem to have that functionality in a recovery environment. Does anyone have any ideas?

Windows for business | Windows 365 Business

Answer accepted by question author
  1. VPHAN 28,585 Reputation points Independent Advisor
    2026-03-31T19:19:48.1166667+00:00

    Hi Nicol Drayton,

    The use of the dsregcmd utility to leave the tenant severed the local security identifier's link to your cloud identity, which effectively invalidated the cached login tokens Windows requires to authenticate your password. Because BitLocker is active, the drive is currently locked in a high-security state where the encryption keys are protected by the Trusted Platform Module. When the identity bond is broken, the TPM often requires the 48-digit recovery key to prove authorization before it will release the keys to boot the operating system. You cannot execute a join command from the recovery environment command prompt because that environment lacks the necessary Directory Services Registration Service and the full networking stack required to communicate with Microsoft Entra ID.

    Since you have access to your business subscription from another PC, your files are likely still recoverable if the key was backed up during the initial deployment. You should navigate to the Microsoft Entra admin center at https://entra.microsoft.com/auth/login/ rather than the standard Microsoft 365 admin portal. Once there, navigate to Identity, then Devices, and select All devices. Even if the device appears to be gone from the standard user list, it often remains in this directory. If you find the device name, click on it and look for the Recovery keys tab to reveal the 48-digit string.

    If the device does not appear there, it is possible the key was associated with the specific user object rather than the device object. You can check this by going to the Users section in the Entra portal, selecting your specific user account, and looking under the Devices category in the left-hand sidebar. If the key is not found in either the Device or User properties within the business tenant, or at the personal account portal at https://account.microsoft.com/devices/recoverykey, the data remains cryptographically unreachable. Without that specific key, there is no technical method to mount the drive or bypass the encryption to reach your local files.

    Hope this answer brought you some useful information. If it did, please hit “accept answer”. Should you have any questions, feel free to leave a comment.

    VP
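
A pre-flight check for the failure described above, as an added example that is not part of the original answer: run from an elevated PowerShell session on a working, still-joined PC before `dsregcmd /leave`, it makes sure a recovery password protector exists on the OS volume and escrows it to Microsoft Entra ID. It assumes the OS volume is `$env:SystemDrive`; the variable names `$mount`, `$joined` and `$escrowed` are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: run BEFORE `dsregcmd /leave`, while the device is still joined.
# Assumption: the BitLocker-protected OS volume is $env:SystemDrive.

$mount = $env:SystemDrive
$vol   = Get-BitLockerVolume -MountPoint $mount

if ($vol.ProtectionStatus -ne 'On') {
    Write-Host "BitLocker protection is not on for $mount; no recovery key will be requested."
    return
}

# dsregcmd /status prints a line of the form "AzureAdJoined : YES" or "... : NO".
$joined = [bool](dsregcmd /status | Select-String -Pattern 'AzureAdJoined\s*:\s*YES')

# The 48-digit key asked for on the recovery screen is a RecoveryPassword protector.
$rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($rp.Count -eq 0) {
    Write-Host "No recovery password on $mount; adding one."
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    $rp = @((Get-BitLockerVolume -MountPoint $mount).KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword')
}

$escrowed = $false
foreach ($p in $rp) {
    # The recovery screen shows the start of this ID; it identifies the matching key.
    Write-Host "Recovery key ID: $($p.KeyProtectorId)"
    if (-not $joined) { continue }
    try {
        BackupToAAD-BitLockerKeyProtector -MountPoint $mount `
            -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
        $escrowed = $true
    } catch {
        Write-Warning "Escrow to Entra ID failed for $($p.KeyProtectorId): $_"
    }
}

if ($escrowed) {
    Write-Host "Key escrow requested. Confirm the key ID in the Entra portal before leaving the tenant."
} else {
    Write-Warning "No key was escrowed. Store the recovery password offline before running dsregcmd /leave."
}
```

Confirm that the key ID printed here appears on the device's Recovery keys tab in the Entra admin center before disconnecting the device.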


Answer accepted by question author
  1. Q&A Assist
    2026-03-31T18:42:32.1833333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    Because the device is now prompting for BitLocker recovery and you do not have the recovery key, the only supported options are to locate the existing key or use an enterprise recovery mechanism if BitLocker was managed.

    Use these steps in order:

    1. Check for self‑service recovery options
      • If the device was Microsoft Entra joined and BitLocker keys were backed up, sign in on another device to https://myaccount.microsoft.com, go to Devices, select the affected Windows device, and choose View BitLocker Keys.
      • If the device was managed with MBAM (Microsoft BitLocker Administration and Monitoring), use the MBAM Self‑Service Portal if available. From the BitLocker recovery screen on the locked PC, note the 32‑digit Recovery Key ID, then on another device:
        1. Open the Self‑Service Portal.
        2. Enter at least the first eight digits of the Recovery Key ID; if multiple matches appear, enter all 32 digits.
        3. Select a Reason and choose Get Key.
        4. Use the displayed 48‑digit recovery key on the locked PC’s BitLocker screen to unlock the drive.
    2. Use helpdesk/IT admin recovery if MBAM or AD DS is in use
      • If the organization uses MBAM and you have access to the Administration and Monitoring Website (Help Desk site):
        1. On another device, open the Administration and Monitoring Website.
        2. Go to Drive Recovery.
        3. Enter the Windows sign‑in domain and username that were used on the locked PC.
        4. Enter the first eight digits (or full 32 digits) of the recovery key ID from the BitLocker screen.
        5. Select a Reason for Drive Unlock and submit.
        6. Use the returned 48‑digit recovery password on the locked PC to unlock the drive.
      • If the drive is corrupted and MBAM is in place, an MBAM admin can also download a recovery key package and then use repair-bde from an elevated command prompt on another Windows machine to recover data to a different drive.
    3. If self‑service and MBAM/Entra options are not available
      • If the BitLocker recovery key was never backed up to Microsoft Entra ID, AD DS, MBAM, a USB drive, printed copy, or another safe location, there is no supported way to bypass BitLocker. The encryption is designed to prevent access without the recovery key.
      • In that case, data on the drive cannot be decrypted, and the only option is to re‑image or replace the drive, which will result in data loss.

    The Windows recovery environment and dsregcmd cannot be used to rejoin the device to Microsoft Entra ID or to regenerate a BitLocker key; BitLocker requires the original recovery key or a recovery package from a management system (MBAM/AD DS/Entra). Focus efforts on locating any backed‑up recovery key (printed, USB, admin portals, or MBAM/Entra/AD DS) before attempting any destructive actions.


