Note: be sure to run Powershell as admin or the commands will not work

This command will find all the machines that have a bitlocker key backed up to AD from the Companies OU and outputs the list to C:\Temp\bitlocker.log

No keys are exposed this only lists the machines that contain bitlocker data

Get-ADObject -Filter {ObjectClass -eq 'msFVE-RecoveryInformation'} -SearchBase 'OU=Companies,DC=Contoso,DC=local' > C:\Temp\bitlocker.log

This below Powershell script will force a backup of the system drive bitlocker key to Active Directory

$BitVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive

$RecoveryKey = $BitVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryKey.KeyProtectorID

BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryKey.KeyProtectorID