Share via

Password expiration issues with LAPS (2023)

Iván Aymi Abella 20 Reputation points
2023-09-06T10:13:21.09+00:00

Good morning,

We are testing the new LAPS (2023), but when I click "expire now" in the LAPS tab of the team object, the password does not expire and remains the same. It only expires or changes the password of the computer in question, when I run "gpupdate /force" on the computer itself.

It is also not worth performing a "group policy update" on the organizational unit in which the computer is located.

Does anyone know if this is normal?

The domain has 3 Windows Server 2022 DCs, and the client is Windows 10.

Thank you very much for your collaboration.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other
0 comments
Accepted answer
  1. Limitless Technology 44,766 Reputation points
    2023-09-06T12:24:48.9166667+00:00

    Hello there,

    LAPS automatically randomizes the local administrator password on all domain computers with LAPS activated and changes each password regularly.

    If the expiration period has passed, the LAPS Group Policy Client Side Extension just checks the expiration date that is saved in AD, and the LAPS will update on the subsequent GP refresh.

    In other words, if the password validity period is one year, it has been in use for that length of time.

    Set the expiration time right away using the LAPS UI, and the LAPS will update once the next GP refresh occurs.

    Reference :

    https://learn.microsoft.com/en-us/answers/questions/373150/laps-written-password-doesnt-work

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer–

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.