Note: be sure to run Powershell as admin or the commands will not work

This command will find all the machines that have a bitlocker key backed up to AD from the Companies OU and outputs the list to C:\Temp\bitlocker.log

No keys are exposed this only lists the machines that contain bitlocker data

Get-ADObject -Filter {ObjectClass -eq 'msFVE-RecoveryInformation'} -SearchBase 'OU=Companies,DC=Contoso,DC=local' > C:\Temp\bitlocker.log

This below Powershell script will force a backup of the system drive bitlocker key to Active Directory

$BitVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive

$RecoveryKey = $BitVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryKey.KeyProtectorID

BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $RecoveryKey.KeyProtectorID

Reference:
https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-adobject?view=windowsserver2022-ps
https://theitbros.com/config-active-directory-store-bitlocker-recovery-keys/