By default, Domain Admins and built-in administrators can read recovery passwords. However, a custom delegation may be needed for helpdesk staff (covered later).
If you’ve properly configured (either via Group Policy or Microsoft BitLocker Administration and Monitoring (MBAM)), you can easily retrieve that key. Without it, the data on the drive is effectively lost. get bitlocker recovery key from active directory
: Regularly check that your GPOs are correctly forcing backups to AD. By default, Domain Admins and built-in administrators can