Deploying FIPS 140-2 BitLocker and backing up keys to AD DS

old.reddit.com / @/u/xp_sp3, https://old.reddit.com/user/xp_sp3

For those of you who have deployed BitLocker in FIPS 140-2 compliance, how are you backing up your recovery keys? I cannot for the life of me figure out how to do this with available GPO settings. Are you automating it with PowerShell? If so, are you then able to see the recovery key in AD for the computer, or are you saving the keys to a file share? The GPO setting "Choose how BitLocker-protected operating system drives can be recovered" does not appear to have an option to only back up the recovery key to AD DS, unless I am missing something? Since recovery passwords cannot be used, do I leave this GPO setting not configured? At this point I think I have tweaked the GPO in every way possible and have not been able to get BitLocker to go silently. My Google-fu has been failing me.

TIA

submitted by /u/xp_sp3

published 6 days ago



