problem LAPS error

BUISSON Dorothée 1 Reputation point
2023-05-24T08:05:24.97+00:00
Hi,
After installing the LAPS on an AD 2016, I encounter an error message from my client machine
 
Schema update Active Directory 2016


I added permissions to read the password:

Set-AdmPwdReadPasswordPermission -Identity "OU=PC,DC=mondomaine,DC=local" -AllowedPrincipals "GG-Adm-LAPS"


I then deployed LAPS by GPO and the MSI of LAPS without problem.
Event 7, AdmPwd
Could not write changed password to AD. Error 0x80070032.

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="AdmPwd" />
    <EventID Qualifiers="49152">7</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2023-05-24T07:55:52.3301863Z" />
    <EventRecordID>513450</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>TIPOR0205.mondomaine.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0x80070032</Data>
  </EventData>
</Event>

Help me please 
best regards
do

1 answer

  1. Limitless Technology 44,751 Reputation points
    2023-05-25T11:57:37.08+00:00

    Hello there,

    AdmPwd error 0x80070032 could be due to missing Write permission on ms-MCS-AdmPwdExpirationTime and ms-MCS-AdmPwd attributes of all computer accounts to the SELF built-in account.

    To make sure computer accounts can update the password and expiration timestamp of their own built-in Administrator password, we need to add the Write permission on the ms-MCS-AdmPwdExpirationTime and ms-MCS-AdmPwd attributes of all computer accounts to the SELF built-in account. We can use the following PowerShell to do this:

    Set-AdmPwdComputerSelfPermission -Identity ManagedWorkstations -Verbose

    The thread below discusses the same issue, and you can try out some troubleshooting steps from it and see if that helps you to sort out the issue.

    Event ID 7 “Could not write the changed password to AD. Error 0x80070032”:
    https://social.technet.microsoft.com/Forums/Lync/en-US/87e06e3f-3678-47f3-a4de-adfc5d34924e/event-id-7-8220could-not-write-changed-password-to-ad-error-0x80070032?forum=winserver8gen

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--
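
Added example, not part of the original answer: a read-only PowerShell check that the OU from the question carries an Allow/WriteProperty ACE for SELF on the two LAPS attributes the answer names. It assumes the ActiveDirectory (RSAT) module is installed; the function name Test-LapsSelfWrite is hypothetical.

```powershell
# Added example (not from the thread). Read-only: it changes nothing in AD.
# Assumes the ActiveDirectory module (RSAT) and read access to the OU's ACL.
Import-Module ActiveDirectory

function Test-LapsSelfWrite {                      # hypothetical helper name
    param([Parameter(Mandatory)][string]$OuDn)

    $selfSid   = 'S-1-5-10'                        # well-known SID of SELF
    $writeProp = [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty
    $schemaNc  = (Get-ADRootDSE).schemaNamingContext

    # Explicit and inherited ACEs, with identities returned as SIDs so the
    # comparison does not depend on the localized name of SELF.
    $rules = (Get-Acl -Path "AD:\$OuDn").GetAccessRules(
                 $true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($name in 'ms-Mcs-AdmPwd', 'ms-Mcs-AdmPwdExpirationTime') {
        # ACEs reference an attribute by its schemaIDGUID, so resolve it first.
        $attr = Get-ADObject -SearchBase $schemaNc `
                    -LDAPFilter "(lDAPDisplayName=$name)" -Properties schemaIDGUID
        if (-not $attr) {
            # Attribute absent: the LAPS schema extension is not in place.
            [pscustomobject]@{ Attribute = $name; InSchema = $false; SelfCanWrite = $false }
            continue
        }
        $guid = [guid]$attr.schemaIDGUID

        # Only attribute-specific ACEs are matched; a blanket write ACE
        # (empty ObjectType) is deliberately not counted here.
        $match = $rules | Where-Object {
            $_.IdentityReference.Value -eq $selfSid -and
            $_.AccessControlType -eq 'Allow' -and
            $_.ObjectType -eq $guid -and
            $_.ActiveDirectoryRights.HasFlag($writeProp)
        }
        [pscustomobject]@{ Attribute = $name; InSchema = $true; SelfCanWrite = [bool]$match }
    }
}

# OU taken from the question; substitute the OU that holds the failing computer.
Test-LapsSelfWrite -OuDn 'OU=PC,DC=mondomaine,DC=local' | Format-Table -AutoSize
```

A row with SelfCanWrite = False means the ACE described in the answer is missing on that OU for that attribute.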

