BitLocker Recovery Key Active Directory

When a computer is joined to a domain and BitLocker is enabled (usually via Group Policy), the client computer generates a recovery key. If configured correctly, the computer attempts to back up this key to the computer object in Active Directory.

Pro Tip: Always test recovery by actually booting a machine into recovery mode and pulling the key from AD before you need it in a crisis.

When configured via Group Policy (Configure storage of BitLocker recovery information to AD DS), the recovery key is backed up silently during the initial encryption process. Help desk staff do not need to rely on users saving a text file or printing a key. It is stored directly on the computer’s Active Directory object.
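To check that the backup described above actually happened, the following added example (not part of the original page) reports which enabled computer objects have no recovery key stored beneath them in AD. It assumes the ActiveDirectory module (RSAT) is installed and that the account can read `msFVE-RecoveryInformation` objects; the OU path and the function name `Get-BitLockerEscrowStatus` are placeholders chosen for illustration.

```powershell
# Added example. Assumptions: ActiveDirectory module (RSAT) is available and the
# account running this can read msFVE-RecoveryInformation objects.
Import-Module ActiveDirectory

# Placeholder OU: replace with the OU that holds your BitLocker-managed machines.
$SearchBase = 'OU=Workstations,DC=example,DC=com'

function Get-BitLockerEscrowStatus {
    param([Parameter(Mandatory)][string]$SearchBase)

    Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase | ForEach-Object {
        # Recovery information is stored as child objects of the computer object,
        # so search exactly one level below the computer's distinguished name.
        $keys = @(Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel `
            -Filter "objectClass -eq 'msFVE-RecoveryInformation'" `
            -Properties whenCreated)

        # Report only the count and date; the recovery password itself is never read.
        [pscustomobject]@{
            Computer     = $_.Name
            KeysInAD     = $keys.Count
            NewestBackup = ($keys | Sort-Object whenCreated -Descending |
                            Select-Object -First 1).whenCreated
        }
    }
}

# Machines with no key in AD: either not yet encrypted or the backup did not
# succeed. Both cases need follow-up before a recovery is ever required.
Get-BitLockerEscrowStatus -SearchBase $SearchBase |
    Where-Object KeysInAD -eq 0 |
    Sort-Object Computer |
    Format-Table -AutoSize
```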