I'd prepped for Bitlocker before reading your article and was just waiting for the AD team to extend the schema. Once they'd done that, it all pretty much fell into place The AD team can see the recovery key in AD (I can't but that's a permissions issue) so I'm pretty happy with that.
I didn't update the WinPE wim with the CCTK, I'm doing it all in Windows.
We were going to copy WinRE to the hidden partition, but I haven't really had too much time to look at that yet (lower priority). It seems that most of the documentation on the subject is geared towards Vista.
Now, online patching during the task sequence..... I must be missing something!