AD CS : Recover Private Key using Key Archival
On the encrypted file, obtain the thumbprint of the certificate (public key) that protects it using efsutil:
efsutil.exe /c
Open CA Manager snap-in in MMC
- Select Issued Certificates
- View > Add/Remove Columns > add the Archived Key column
Search for the user's EFS certificate whose thumbprint matches the one used on the encrypted file
Copy the certificate serial number, in this case '29 55 89 a8 00 00 00 00 00 e2'
From a command prompt on the CA that holds the archived key, run the following command as Administrator; it writes a file named outputblob to the current directory:
certutil -getkey "29 55 89 a8 00 00 00 00 00 e2" outputblob
Move the outputblob file to C:\ with the command: move outputblob C:\
Recover the private key using the command: certutil -recoverkey outputblob bradfordc_efs.pfx
Now import the new PFX certificate into the personal store on the computer where you are trying to access the encrypted data.
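The certutil steps above as one PowerShell wrapper, added here as an example and not part of the original page. It assumes an elevated prompt on the CA that holds the archived key, that the caller's Personal store contains the Key Recovery Agent (KRA) private key which certutil -recoverkey needs to decrypt the blob, and parameter names of my choosing.

```powershell
# Added example (not from the original page): automates the certutil steps above.
# Assumptions: run elevated on the CA that holds the archived key; the caller's
# Personal store holds the KRA private key that certutil -recoverkey uses to
# decrypt the blob; the parameter names below are the author's choice.
param(
    [Parameter(Mandatory)][string]$SerialNumber,   # as shown in the CA console, e.g. '29 55 89 a8 00 00 00 00 00 e2'
    [string]$BlobPath = 'C:\outputblob',           # recovery blob, encrypted to the KRA certificate
    [string]$PfxPath  = 'C:\recovered_efs.pfx'     # PKCS#12 output to import into the Personal store
)
$ErrorActionPreference = 'Stop'

# certutil accepts the serial with or without spaces; normalise it and reject anything that is not hex.
$serial = ($SerialNumber -replace '[\s:]', '').ToLower()
if ($serial -notmatch '^[0-9a-f]+$') { throw "Not a hex serial number: '$SerialNumber'" }

# Step 1: pull the archived key out of the CA database. With CA auditing enabled this is
# logged on the CA as Security event 4883 (Certificate Services retrieved an archived key).
& certutil -getkey $serial $BlobPath | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BlobPath)) {
    throw "certutil -getkey failed (exit $LASTEXITCODE); is a key archived for serial $serial on this CA?"
}

# Step 2: decrypt the blob with the KRA key and write a password-protected PFX.
$secure = Read-Host -AsSecureString -Prompt 'Password for the recovered PFX'
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$cert   = $null
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    & certutil -f -p $plain -recoverkey $BlobPath $PfxPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certutil -recoverkey failed (exit $LASTEXITCODE); is the KRA private key in your Personal store?" }

    # Step 3: confirm the PFX holds the certificate that was asked for, together with its private key.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxPath, $plain)
    if ($cert.SerialNumber -ne $serial.ToUpper()) { throw "PFX serial $($cert.SerialNumber) does not match requested $serial" }
    if (-not $cert.HasPrivateKey) { throw 'Recovered PFX contains no private key' }
    'Recovered {0} (thumbprint {1}) to {2}' -f $cert.Subject, $cert.Thumbprint, $PfxPath
}
finally {
    # Scrub the plaintext password and the blob; the blob is useless without the KRA key but need not linger.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable plain -ErrorAction SilentlyContinue
    if ($cert) { $cert.Dispose() }
    Remove-Item $BlobPath -ErrorAction SilentlyContinue
}
```

Import the resulting PFX into the Personal store on the machine that needs the encrypted data, and expect event 4883 on the CA as the audit trail for the recovery.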