Hello there,
By design, BitLocker recovery password entries don't get deleted from AD DS. Therefore, multiple passwords might be seen for each drive. To identify the latest password, check the date on the object.
The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information. However, BitLocker doesn't automatically manage this process. The manage-bde.exe command-line tool can also be used to manually back up recovery information to AD DS.
BitLocker and Active Directory Domain Services (AD DS) https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq
Hope this resolves your query!
-- If the reply is helpful, please Upvote and Accept it as an answer --
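An added example (not code from the original answer or from Microsoft's documentation) of the manual backup the answer describes, in the PowerShell form of `manage-bde -protectors -adbackup C: -id {GUID}`. It also shows the "check the date" step: because the entries under the computer object are never deleted, the newest `whenCreated` is the one to use. Assumptions: an elevated PowerShell on the domain-joined client, the built-in BitLocker module, and the RSAT ActiveDirectory module for the verification step (the mount point `C:` is just a parameter default).

```powershell
# Added example, not part of the original answer. Run elevated on the
# domain-joined client. Assumes the BitLocker module (ships with Windows)
# and, for step 3 only, the RSAT ActiveDirectory module.
param(
    [string]$MountPoint = 'C:'
)

# 1. Find every recovery-password protector on the volume. Re-enabling
#    BitLocker creates a new protector with a new 48-digit password, so
#    the list may contain more than one ID.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$recoveryProtectors = $vol.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

if (-not $recoveryProtectors) {
    throw "No recovery password protector on $MountPoint. Add one with Add-BitLockerKeyProtector -RecoveryPasswordProtector first."
}

# 2. Push each protector to the computer object in AD DS. This is the
#    PowerShell equivalent of: manage-bde -protectors -adbackup C: -id {GUID}
foreach ($kp in $recoveryProtectors) {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
    Write-Host "Backed up protector $($kp.KeyProtectorId) for $MountPoint to AD DS"
}

# 3. Verify from the AD side. The msFVE-RecoveryInformation objects are
#    children of the computer object and are never removed, so sort by
#    whenCreated and compare the newest one with what the client holds now.
Import-Module ActiveDirectory
$computer = Get-ADComputer -Identity $env:COMPUTERNAME
$entries = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
    -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
    -Properties msFVE-RecoveryPassword, whenCreated |
    Sort-Object whenCreated -Descending

$entries | Select-Object whenCreated, msFVE-RecoveryPassword | Format-Table -AutoSize

$latest = $entries | Select-Object -First 1
$onClient = $recoveryProtectors |
    Where-Object { $_.RecoveryPassword -eq $latest.'msFVE-RecoveryPassword' }

if ($onClient) {
    Write-Host "Newest AD entry ($($latest.whenCreated)) matches a current protector on the client."
} else {
    Write-Warning "Newest AD entry does not match any current protector. The backup may not have replicated to this DC yet, or it failed; check the BitLocker event log."
}
```

If the backup step errors out, check the domain's BitLocker recovery Group Policy first (the "Choose how BitLocker-protected ... drives can be recovered" settings that allow storing recovery information in AD DS); the client will only write to AD DS when that policy permits it. Also remember the verification query reads from whichever DC your session binds to, so a freshly written entry can lag behind until replication completes.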
I must have misspoken.
On re-enabling BitLocker encryption, the recovery key did not change on the DC. So the drive key is not good and I can't use the recovery key stored in Active Directory when needed.
Is there a solution for the computer to transmit the new recovery key to Active Directory?
Finally, I should point out that I am not on Azure Active Directory.