26 votesBrett commented
There is a BitLocker setting to require backup to AD before encryption begins, specifically to prevent this from happening. Have you tested that and still experience this issue with removable drives?
"If you select Require BitLocker backup to AD DS, BitLocker cannot be turned on unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. This option is selected by default to help ensure that BitLocker recovery is possible."