We have a number of Windows 7 computers whose drives were encrypted with BitLocker, under a faulty GPO. They encrypted properly (as in they're not corrupted), but the recovery key isn't backed up to AD. We have since corrected the policy to require the backup of the key when encrypting the drive, and this policy is working properly.
My question is, is there a way to force the recovery keys on the already encrypted drives that were not backed up to AD to do so via a GPO or script?
I know this can be achieved by running a series of manage-bde.exe commands from an elevated command prompt, but this requires a technician to visit each computer and we'd like to automate it.
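
One way to script the manage-bde commands mentioned above, as an added example that is not part of the original post: a PowerShell 2.0 compatible script intended for deployment as a GPO computer startup script, so it runs elevated as SYSTEM. The marker file path and the choice to cover only the system drive are assumptions.

```powershell
# Added example: back up existing BitLocker recovery passwords to AD.
# Assumptions: runs as SYSTEM (GPO computer startup script), only the OS
# volume is encrypted, and the marker file path below is hypothetical.
$manageBde = Join-Path $env:SystemRoot 'System32\manage-bde.exe'
$volume    = $env:SystemDrive
$marker    = Join-Path $env:ProgramData 'BitLockerAdBackup.done'

# Skip machines that have already completed the backup.
if (Test-Path $marker) { exit 0 }

# List only the numerical (recovery) password protectors on the volume.
# This output contains the 48-digit recovery password itself, so it is
# kept in memory only and never written to a log or the marker file.
$output = & $manageBde -protectors -get $volume -type RecoveryPassword 2>&1
if ($LASTEXITCODE -ne 0) {
    Write-Output "manage-bde could not read protectors on $volume"
    exit 1
}

# Protector IDs are GUIDs in braces; matching the GUID instead of the
# "ID:" label keeps the parsing independent of the display language.
$guid = '\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}'
$ids = @($output | Select-String -Pattern $guid -AllMatches |
    ForEach-Object { $_.Matches } |
    ForEach-Object { $_.Value } |
    Select-Object -Unique)

if ($ids.Count -eq 0) {
    Write-Output "No recovery password protector found on $volume"
    exit 1
}

# Back up each recovery password protector to AD by its ID.
$failed = 0
foreach ($id in $ids) {
    & $manageBde -protectors -adbackup $volume -id $id | Out-Null
    if ($LASTEXITCODE -ne 0) { $failed++ }
}

if ($failed -eq 0) {
    # Record success so later startups exit early. Only a timestamp is stored.
    Set-Content -Path $marker -Value (Get-Date -Format s)
    exit 0
}
Write-Output "$failed of $($ids.Count) protector(s) failed to back up on $volume"
exit 1
```

The marker file is written only after every protector is backed up, so a machine that is off the network at startup retries on its next boot.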