problem LAPS error

BUISSON Dorothée 1 Reputation point
2023-05-24T08:05:24.97+00:00
Hi,
After installing LAPS on an AD 2016, I encounter an error message from my client machine.
 
Schema update Active Directory 2016


I added permissions to read the password:

Set-AdmPwdReadPasswordPermission -Identity "OU=PC,DC=mondomaine,DC=local" -AllowedPrincipals "GG-Adm-LAPS"


I then deployed LAPS by GPO and the LAPS MSI without problem.
Event 7, AdmPwd
Could not write changed password to AD. Error 0x80070032.

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="AdmPwd" />
    <EventID Qualifiers="49152">7</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2023-05-24T07:55:52.3301863Z" />
    <EventRecordID>513450</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>TIPOR0205.mondomaine.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>0x80070032</Data>
  </EventData>
</Event>

Help me please 
best regards
do

1 answer

  1. Limitless Technology 26,416 Reputation points
    2023-05-25T11:57:37.08+00:00

    Hello there,

    AdmPwd error 0x80070032 could be due to missing Write permission on ms-MCS-AdmPwdExpirationTime and ms-MCS-AdmPwd attributes of all computer accounts to the SELF built-in account.

    To make sure computer accounts can update the password and expiration timestamp of their own built-in Administrator password, we need to add the Write permission on the ms-MCS-AdmPwdExpirationTime and ms-MCS-AdmPwd attributes of all computer accounts to the SELF built-in account. We can use the following PowerShell to do this:

    Set-AdmPwdComputerSelfPermission -Identity ManagedWorkstations -Verbose

    The thread below discusses the same issue, and you can try some of the troubleshooting steps from it to see if that helps you sort out the issue.

    Event ID 7 “Could not write the changed password to AD. Error 0x80070032” https://social.technet.microsoft.com/Forums/Lync/en-US/87e06e3f-3678-47f3-a4de-adfc5d34924e/event-id-7-8220could-not-write-changed-password-to-ad-error-0x80070032?forum=winserver8gen

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--
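
One way to check the permission the answer above describes, as an added example that is not part of the original thread: it looks for an Allow ACE granting SELF WriteProperty on the two LAPS attributes on the OU. It assumes the RSAT ActiveDirectory module is installed; the function name `Test-LapsSelfWritePermission` is hypothetical, and the default OU is the one from the question.

```powershell
# Added example: checks that SELF can write the LAPS attributes under an OU.
# Assumes the RSAT ActiveDirectory module and read access to the directory.
Import-Module ActiveDirectory

function Test-LapsSelfWritePermission {
    param(
        # OU taken from the question; replace with your own managed OU.
        [string]$OuDn = 'OU=PC,DC=mondomaine,DC=local'
    )
    $selfSid  = 'S-1-5-10'   # well-known SID of the SELF principal
    $schemaNc = (Get-ADRootDSE).schemaNamingContext

    # Read the OU's ACEs with identities as SIDs, so the match does not
    # depend on the display language of the system.
    $acl   = Get-Acl -Path "AD:\$OuDn"
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])

    foreach ($attr in 'ms-Mcs-AdmPwd', 'ms-Mcs-AdmPwdExpirationTime') {
        # Resolve the attribute's schemaIDGUID in this forest instead of
        # hard-coding it.
        $schemaObj = Get-ADObject -SearchBase $schemaNc `
            -LDAPFilter "(lDAPDisplayName=$attr)" -Properties schemaIDGUID
        if (-not $schemaObj) {
            [pscustomobject]@{ Attribute = $attr; SelfCanWrite = $false
                               Note = 'attribute not found in schema' }
            continue
        }
        $attrGuid = [guid]$schemaObj.schemaIDGUID

        $match = $rules | Where-Object {
            $_.IdentityReference.Value -eq $selfSid -and
            $_.AccessControlType -eq 'Allow' -and
            $_.ObjectType -eq $attrGuid -and
            ($_.ActiveDirectoryRights -band
                [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty)
        }
        [pscustomobject]@{
            Attribute    = $attr
            SelfCanWrite = [bool]$match
            Note = if ($match) { 'ACE found on OU' }
                   else { 'no SELF WriteProperty ACE on OU' }
        }
    }
}

Test-LapsSelfWritePermission | Format-Table -AutoSize
```

This inspects only the ACL of the OU itself; a computer in a child OU with inheritance blocked, or with an explicit Deny ACE, can still fail to write its password.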