But you’re smart. You mandated BitLocker. And you told Group Policy to “Save BitLocker recovery information to Active Directory.”
So you open . You right-click the computer object. You look at the tabs: General, Operating System, Member Of, Delegation . Nothing says “Keys.”
Instead, Active Directory treats each BitLocker recovery key as a linked to the computer. The object class is called msFVE-RecoveryInformation (FVE = Full Volume Encryption, Microsoft’s internal code name for BitLocker).