I would like to enable Bitlocker for our laptops, but before I do, I want to make sure that the Keys are written back to our AD. I have read a lot on the subject but am confused what is necessary for Server 2012r2 and what is required for 2008 or 2003. It appears that much of the information is specific for earlier version of the OS. I have been successful in turning on Bitlocker through a GP on our test laptop, and I have set that GP to write key to AD, but I have not been able to see the key stored in AD. I have applied the Add-TPMSelfWriteACE.vbs to our servers, and I have added Bitlocker management feature through Programs and features, but I do not see the tab that would show the Key in AD properties for the computer, as I think I am supposed to. My environment is Server 2012r2 on our DC, Windows 10 pro on test laptop. Any thoughts on what I need to do to enable this?