Enable the policy "Do not enable BitLocker until recovery information is stored in AD DS." This prevents encryption from starting if the backup to AD fails. 3. How to Retrieve a BitLocker Key from AD
After policy applies ( gpupdate /force ), enabling BitLocker automatically escrows the key. active directory bitlocker key
But this requires existing network access. Enable the policy "Do not enable BitLocker until
: Enable Store BitLocker recovery information in Active Directory Domain Services . active directory bitlocker key