Note: be sure to run PowerShell as an administrator, or the commands will not work.
This command finds all the BitLocker recovery-information objects (class msFVE-RecoveryInformation) stored under the Companies OU in Active Directory and writes the list to C:\Temp\bitlocker.log. Each of these objects is a child of the computer object it belongs to, so the computer name appears in each object's DistinguishedName.
No keys are exposed: the default output only lists the objects (name, class, GUID and DN) for the machines that have BitLocker data escrowed; the msFVE-RecoveryPassword attribute is not returned unless explicitly requested, and reading it requires the appropriate AD permissions anyway.
Get-ADObject -Filter {ObjectClass -eq 'msFVE-RecoveryInformation'} -SearchBase 'OU=Companies,DC=Contoso,DC=local' > C:\Temp\bitlocker.log
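The following is an added example, not part of the original page, that builds on the same Get-ADObject query: it maps each msFVE-RecoveryInformation object back to its parent computer, counts the escrowed objects per machine, and also reports computers in the OU that have no recovery information in AD at all (the machines a defender actually needs to chase). The OU path, the output file path and the property names are assumptions; adjust them for your domain. It requires the RSAT ActiveDirectory module.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page). Assumptions: the OU below exists and the
# account running this can read the msFVE-RecoveryInformation objects under it.
Import-Module ActiveDirectory

$SearchBase = 'OU=Companies,DC=Contoso,DC=local'   # assumption: same OU as in the page
$OutFile    = 'C:\Temp\bitlocker-inventory.csv'    # assumption: any writable path

# Only default attributes plus whenCreated are requested; msFVE-RecoveryPassword is never read.
$recoveryObjects = Get-ADObject -Filter { ObjectClass -eq 'msFVE-RecoveryInformation' } `
    -SearchBase $SearchBase -Properties whenCreated

# Each recovery object is a child of its computer object, so stripping the first RDN
# (split on a comma that is not escaped with a backslash) yields the computer's DN.
$perObject = $recoveryObjects | ForEach-Object {
    $computerDn = ($_.DistinguishedName -split '(?<!\\),', 2)[1]
    [PSCustomObject]@{
        ComputerName = (($computerDn -split '(?<!\\),')[0] -replace '^CN=', '')
        ComputerDN   = $computerDn
        BackedUpOn   = $_.whenCreated
    }
}

# One row per computer: how many recovery objects it has and when the newest was written.
$inventory = $perObject | Group-Object ComputerName | ForEach-Object {
    [PSCustomObject]@{
        ComputerName   = $_.Name
        KeyObjectCount = $_.Count
        LatestBackup   = ($_.Group | Measure-Object -Property BackedUpOn -Maximum).Maximum
    }
} | Sort-Object ComputerName

$inventory | Export-Csv -Path $OutFile -NoTypeInformation
$inventory | Format-Table -AutoSize

# Computers in the same OU with no escrowed recovery information: these are the gap.
$allComputers = Get-ADComputer -Filter * -SearchBase $SearchBase | Select-Object -ExpandProperty Name
$missing = $allComputers | Where-Object { $_ -notin $inventory.ComputerName }
if ($missing) {
    Write-Warning ("{0} computer(s) under {1} have no BitLocker recovery information in AD:" -f $missing.Count, $SearchBase)
    $missing | Sort-Object | ForEach-Object { Write-Warning "  $_" }
}
```

The CSV contains only computer names, counts and timestamps, so it is safe to hand to an audit or compliance team; the "missing" list is the one to act on with the backup script below.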
The PowerShell script below forces a backup of the system drive's BitLocker recovery key to Active Directory (and, on Azure AD-joined devices, to Azure AD as well). Run it on the client machine itself.
$BitVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive
$RecoveryKey = $BitVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryKey.KeyProtectorID
BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryKey.KeyProtectorID
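As an added example (not the page's own script), here is a more defensive version of the same backup. The page's one-liner assumes exactly one RecoveryPassword protector; if a volume has none, or has several, `$RecoveryKey.KeyProtectorID` is empty or an array and the cmdlet fails. This version loops over every RecoveryPassword protector, treats the Azure AD backup as optional, and, when the ActiveDirectory module happens to be installed on the client, confirms that a matching msFVE-RecoveryInformation object now exists under the computer object. It assumes the machine is domain-joined and the session is elevated.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page). Assumptions: domain-joined client,
# BitLocker module present; the AD verification step is skipped if RSAT is absent.
Import-Module BitLocker

$MountPoint = $env:SystemDrive
$volume = Get-BitLockerVolume -MountPoint $MountPoint

# Force an array so .Count works whether there are zero, one or many protectors.
$recoveryProtectors = @($volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

if ($recoveryProtectors.Count -eq 0) {
    Write-Warning "No RecoveryPassword protector on $MountPoint; there is nothing to escrow."
    return
}

foreach ($protector in $recoveryProtectors) {
    $id = $protector.KeyProtectorId
    try {
        # Escrow to AD DS; this is the backup the page's Get-ADObject query later inventories.
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $id -ErrorAction Stop
        Write-Output "AD DS backup succeeded for protector $id"
    } catch {
        Write-Warning "AD DS backup failed for protector ${id}: $($_.Exception.Message)"
        continue
    }

    try {
        # Only meaningful on Azure AD-joined or hybrid-joined devices; failure here is not fatal.
        BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $id -ErrorAction Stop
        Write-Output "Azure AD backup succeeded for protector $id"
    } catch {
        Write-Verbose "Azure AD backup skipped or failed for protector ${id}: $($_.Exception.Message)"
    }
}

# Optional verification: the msFVE object's name contains the protector GUID, so the
# escrow can be confirmed without ever reading the recovery password attribute.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $computerDn = (Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName
    $escrowed = Get-ADObject -Filter { ObjectClass -eq 'msFVE-RecoveryInformation' } -SearchBase $computerDn
    foreach ($protector in $recoveryProtectors) {
        $found = $escrowed | Where-Object { $_.Name -like "*$($protector.KeyProtectorId)*" }
        if ($found) {
            Write-Output "Verified: AD object exists for protector $($protector.KeyProtectorId)"
        } else {
            Write-Warning "Not found in AD: protector $($protector.KeyProtectorId) (check GPO and replication)"
        }
    }
} else {
    Write-Verbose "ActiveDirectory module not installed; skipping AD verification."
}
```

If Backup-BitLockerKeyProtector fails with an access-denied style error, the usual cause is that the "Store BitLocker recovery information in Active Directory Domain Services" group policy is not applied to the machine or the computer object lacks the write permission the policy grants; see the second reference below for the GPO setup.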
Reference:
https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-adobject?view=windowsserver2022-ps
https://theitbros.com/config-active-directory-store-bitlocker-recovery-keys/