Windows Server

Extending 2003 AD Schemas to Support Attributes for TPM and BitLocker

Microsoft has published a number of scripts used to back up TPM (Trusted Platform Module) and BitLocker information for Windows clients. Windows Server 2008 and 2008 R2 ship with the schema attributes required to centrally manage Microsoft’s BitLocker and TPM. Windows Server 2003 can be extended to hold these attributes as well (they require the confidential searchFlags bit, which is why pre-2003 Active Directory cannot support them).

Extending the schema is pretty easy. Use an account with forest-wide administrative rights (the Administrator account of the first domain in the forest is a common choice). Then log on to the server holding the Schema Master FSMO role for the forest and download Microsoft’s LDIF file containing these attribute definitions.

Once downloaded, use the ldifde command to import the file into your schema, substituting your own forest root DN for DC=ad,dc=krypted,dc=com:

ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "DC=ad,dc=krypted,dc=com" -k -j .
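After the import, it is worth confirming that the attributes actually landed in the schema partition and that the ones holding recovery material carry the confidential searchFlags bit, since that bit is what keeps authenticated users from reading recovery passwords out of the directory. The following PowerShell script is an added example, not part of the original post or of Microsoft's ldf. It reads the schema naming context from RootDSE, so it does not hard-code the krypted.com DN, and it needs only the built-in ADSI type accelerator rather than the ActiveDirectory module. The attribute names are the lDAPDisplayNames defined by Microsoft's BitLockerTPMSchemaExtension.ldf; which of them are expected to be confidential is my reading of that file and should be compared against your copy.

```powershell
# Added verification script (not from the original post). Confirms that the
# BitLocker/TPM attributes imported by ldifde exist in the schema partition and
# that the secret-bearing ones have the confidential bit set in searchFlags.
# Uses only the [ADSI] type accelerator, so it runs without the AD module.

$rootDse  = [ADSI]"LDAP://RootDSE"
$schemaDn = [string]$rootDse.schemaNamingContext.Value   # CN=Schema,CN=Configuration,<forest root DN>

# searchFlags bit that marks an attributeSchema object as confidential:
# only accounts granted Control Access on the object may read the value.
$fCONFIDENTIAL = 0x80

# lDAPDisplayName of each attribute from BitLockerTPMSchemaExtension.ldf and
# whether it stores secret material (assumption: these should be confidential).
$attributes = @{
    'msTPM-OwnerInformation' = $true    # TPM owner authorization value
    'msFVE-RecoveryPassword' = $true    # 48-digit BitLocker recovery password
    'msFVE-KeyPackage'       = $true    # key package used to repair a damaged volume
    'msFVE-RecoveryGuid'     = $false   # identifier used to locate a recovery object
    'msFVE-VolumeGuid'       = $false   # identifier of the protected volume
}

$ok = $true
foreach ($name in $attributes.Keys) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$schemaDn"
    $searcher.Filter     = "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))"
    [void]$searcher.PropertiesToLoad.Add('searchFlags')
    $result = $searcher.FindOne()

    if ($null -eq $result) {
        # The ldf did not apply (or has not replicated to this DC yet).
        Write-Host ("{0,-24} MISSING - check the ldifde log and rerun the import" -f $name) -ForegroundColor Red
        $ok = $false
        continue
    }

    $flags        = [int]$result.Properties['searchflags'][0]
    $confidential = ($flags -band $fCONFIDENTIAL) -ne 0

    if ($attributes[$name] -and -not $confidential) {
        # Present but readable by any authenticated user: recovery data would be exposed.
        Write-Host ("{0,-24} present, searchFlags={1}, but NOT confidential" -f $name, $flags) -ForegroundColor Yellow
        $ok = $false
    }
    else {
        Write-Host ("{0,-24} present, searchFlags={1}, confidential={2}" -f $name, $flags, $confidential)
    }
}

if ($ok) { Write-Host 'Schema extension looks complete.' }
else     { Write-Host 'Schema extension is incomplete; do not enable client backup yet.' }
```

Run it from a PowerShell session on the Schema Master (or any domain-joined machine once the change has replicated). A MISSING line means the ldf did not import, and a "NOT confidential" line means the attribute exists but recovery data written to it would be readable by ordinary authenticated users, so fix the schema before pointing clients at it.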

Once the import completes, check out the VBScripts that Microsoft has provided for key escrow and other tasks here.