If you’re using BitLocker, you need to be backing up the TPM owner password. By default, Windows does not back up this information when you encrypt a computer with BitLocker. Should you need to make changes to the TPM device, you’ll need this password.
Where is the policy located?
Computer Configuration > Policies > Administrative Templates > System > Trusted Platform Module Services > Turn on TPM backup to Active Directory Domain Services
How should the policy be configured?
Set the policy to Enabled and check Require TPM backup to AD DS.
Where do I view the TPM password in Active Directory?
In Active Directory Users and Computers, make sure that you’ve got the Advanced Features enabled. Go to the View menu and make sure there is a checkbox by Advanced Features.
In the Computer object Properties, click on the Attribute Editor tab. Scroll down to the msTPM-OwnerInformation attribute. Click the Edit button to view the full value.
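To check backup coverage across many machines instead of opening each computer object, the following added example (not part of the original article) uses the ActiveDirectory PowerShell module to report which computers have msTPM-OwnerInformation populated, without printing the value itself. The search base and output file name are placeholder assumptions.

```powershell
# Added example: audit which computer objects have TPM owner information in AD.
# Requires the ActiveDirectory module (RSAT) and an account that is allowed to
# read msTPM-OwnerInformation; without read access the attribute appears empty.
Import-Module ActiveDirectory

# Hypothetical values; replace with your own OU and report path.
$SearchBase = 'OU=Workstations,DC=example,DC=com'
$ReportPath = '.\tpm-backup-missing.csv'

$computers = Get-ADComputer -Filter * -SearchBase $SearchBase `
    -Properties 'msTPM-OwnerInformation', OperatingSystem, whenChanged

# Record only whether the attribute is set, never the stored value.
$report = foreach ($c in $computers) {
    [pscustomobject]@{
        Name             = $c.Name
        OperatingSystem  = $c.OperatingSystem
        TpmOwnerBackedUp = -not [string]::IsNullOrEmpty($c.'msTPM-OwnerInformation')
        WhenChanged      = $c.whenChanged
    }
}

$report | Sort-Object TpmOwnerBackedUp, Name | Format-Table -AutoSize

# Summarize and export the machines that still need a backup.
$missing = @($report | Where-Object { -not $_.TpmOwnerBackedUp })
'{0} of {1} computers have no TPM owner information in AD' -f $missing.Count, @($report).Count
$missing | Export-Csv -Path $ReportPath -NoTypeInformation
```

Machines listed as missing were either encrypted before the policy applied or have not yet backed up their TPM owner information.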


