Hello there,
By design, BitLocker recovery password entries don't get deleted from AD DS. Therefore, multiple passwords might be seen for each drive. To identify the latest password, check the date on the object.
The BitLocker Windows Management Instrumentation (WMI) interface does allow administrators to write a script to back up or synchronize an online client's existing recovery information. However, BitLocker doesn't automatically manage this process. The manage-bde.exe command-line tool can also be used to manually back up recovery information to AD DS.
BitLocker and Active Directory Domain Services (AD DS) https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-and-adds-faq
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer–