This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 63%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERW%3C/text%3E%3C/svg%3E)
Sounds like the LAPS service is not active, not working, maybe not retrieving right policies to be able start to act. If you would have delegation issues or local admin misconfigured, you would see that in extended logs.
Thanks for the reply,
I have installed LAPS in one of the domain-joined servers (not DC).
I added registry values in the server & still can't see the logs.
apart from that still unable to set or show passwords.
any help?
Yes, that article should have the solution how to extend client logs with registery key.
https://4sysops.com/archives/part-2-faqs-for-microsoft-local-administrator-password-solution-laps/
Is there a log on the client I can use to audit password changes or troubleshoot LAPS?
By default, no. In its default configuration, LAPS only logs errors. Errors (and other events if you bump up the logging level) are logged to the Application Event Log by the AdmPwd Source.
You can enable additional logging by creating a new REG_DWORD value named ExtensionDebugLevel in the Registry in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions{D76B9641-3288-4f75-942D-087DE603E3EA}\ . Set it to 0 (the default) to log errors only, 1 to log errors and warnings, and 2 for verbose logging.
I think you have some issues with delegating permissions to attributes. Try to verify them with powershell.
Thanks for the details.
But I still can't see the password in ms-Mcs-AdmPwd attribute of an Active Directory computer object.
I tried different computers, agent re-installation, and used high privilege account to use the LAPS for pwd reset but no success.
Is there any way to see the logs?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hi. Thank you for your question and reaching out.
The local administrator password will be updated in the following order once LAPS are in place by Group Policy client-side extension (CSE) software that is installed on each computer.
REFERENCE: https://techcommunity.microsoft.com/t5/itops-talk-blog/local/ba-p/2806185
----------------------------------------------------------------------------------------------------------------------------------------------------------
If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.