When you use the Microsoft BitLocker Administration and Monitoring setup wizard (Mbamsetup.exe) to install Microsoft BitLocker Administration and Monitoring (MBAM), the installation is not completed. Additionally, the following error message is logged in the installation log:
The specified directory service attribute or value does not exist.
This issue occurs because Mbamsetup.exe uses the local computer account to perform a custom action that creates the necessary local groups and adds domain members to the groups. When the default Active Directory permissions are changed, the computer may not successfully query Active Directory. Therefore, the custom action fails, and the overall MBAM installation fails.
Mbamsetup.exe from this release performs the custom action in the context of the user who runs the installation to accommodate alternative security configurations. This release was part of the MDOP 2011 R2 language update. MDOP subscribers can download the software at the Microsoft Volume Licensing site (MVLS).
To work around the issue, make sure that the computer account on which MBAM is being installed has read and list permissions to Active Directory down to the container where the MBAM service account resides.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about Microsoft BitLocker Administration and Monitoring, visit the following Microsoft website: