Solved! Go to Solution.
It doesn't require Domain Admin rights, just needs permissions to manage computer objects. For example all of our helpdesk staff have access to objects, i.e. so they can move them between OUs, delete or add computers, but they're not members of the Domain Admin group.
I'm using lansweeper to report bitlocker keys in ad, however it only works if the user have domain admin rights something that i don't pretend!
I follow the guide to give lanswepper user local admin on machines and domain user in ad, but with that bitlocker report is empty...