ARS 6.9 has the built-in ability to search for, and retrieve, BitLocker recovery passwords that are stored in Active Directory. This feature helps the administrator recover data on BitLocker-encrypted drives.
You may find it necessary to delegate view-only rights to just some members of your admin group.
To delegate view permissions to BitLocker recovery passwords, a new Access Template can be created:
1) On ‘Select object classes to apply permissions on to’ click on: ‘Only the following classes’;
2) Locate and select the class ms-FVE-RecoveryInformation (LDAP display name: msFVE-RecoveryInformation);
3) Click ‘Next’ and select Object property access from ‘Select Permissions Category’;
4) Select the Read properties check box;
5) Apply the newly created Access Template (AT) to the appropriate group.
Please note, you may need to apply the following built-in access template: Computer Objects - View BitLocker Recovery Keys