To back up TPM owner information from a computer running Windows 10, version 1507, Windows 10, version 1511, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. … . This functionality is discontinued starting with Windows 10, version 1607.
– Microsoft: TPM Group Policy Settings.
Those Microsoft folk give with one hand and take with the other. No explanation for the removal.
Microsoft offer an alternative, the Microsoft BitLocker Administration and Monitoring (MBAM) product. MBAM allows you to centrally manage Bitlocker and Bitlocker to Go. Which is good, but comes at a cost. From what I can see, you need several SQL Servers (Recovery Database, Compliance and Audit Database, Reporting Server, Administration and Monitoring Server)
Ok, so how does the removal of TPM Backup effect workstations which currently store their Bitlocker Recovery Key into Active Directory? It doesn’t as far as I can see. My Windows 10 1607 workstation is still happily storing it’s Recovery Key into AD.
But knowing Microsoft, eventually the Bitlocker Recovery Key storage feature will break and they won’t fix it.
A script to push the Bitlocker Recovery Key to AD
Microsoft BitLocker Administration and Monitoring 2.5