When setting up BitLocker for interoperability with Active Directory, Microsoft gets you to run a VBS script to add an Access Control Entry, or ACE (https://technet.microsoft.com/en-us/library/dd875529%28v=ws.10%29.aspx). Unfortunately the script didn’t work for me, so I rewrote it in PowerShell.

Run .\BitLocker-ACE.ps1 -Read to check whether the ACE is already there, and .\BitLocker-ACE.ps1 -Write to create the ACE.