01825 818572
When you encrypt drives with BitLocker it can be a nightmare to manually keep track of recovery keys, it therefore makes sense to use the built-in integration with Active Directory Domain Services (AD DS). Cyril Kardashevsky of The IT Bros has an excellent comprehensive how-to guide to configuring your AD and GPO. It doesn't detail how to enforce BitLocker drive encryption but if you encrypt as part of your workstation setup then the keys will automatically be stored in AD for you once the GPO is in place.
Export list of enabled users or group members of AD using PowerShell
A couple of handy PowerShell commands for exporting info from your AD: All enabled users Get-ADUser -Filter 'Enabled...