LAPS v2.0: Missing Attributes in ADUC LAPS Tab

John W. Love Jr 0 Reputation points
2024-07-01T20:48:39.1033333+00:00

We have just recently deployed the new version of LAPS. We receive the info with the LAPS UI and the attributes show in the attributes editor but not in the ADUC LAPS Tab, Pictures added

mstsc_m0mBiaXPB6

mstsc_JBhYWsSxyT

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,204 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Yanhong Liu 4,815 Reputation points Microsoft Vendor
    2024-07-02T07:47:16.4733333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    This can be due to several reasons:

    Group Policy is not applied correctly: Ensure that the Group Policy used to deploy LAPS has been successfully applied to the target computer. You can confirm this by running the gpupdate /force command to force an update of Group Policy on the client computer and checking the results of Group Policy.

    ADUC Lacks Management Console Extension: ADUC needs to install the Management Console extension for LAPS to see the LAPS tab in the properties of the computer object. Check that this extension is installed on all management workstations. If you haven't already, you can download and install the management tools for LAPS from Microsoft.

    ADSI Edit Validation: Use the ADSI Edit tool to view computer object properties directly in AD. Look for the ms-mcs-admPwd and ms-mcs-admPwdExpirationTime properties to exist and have values. If these properties exist and have the correct values, then the problem may lie with ADUC's view or permission settings.

    Permission issues: Make sure that the ADUC account you are using has sufficient permissions to view these attributes. By default, the Read permission is required to view LAPS password attributes.

    LAPS Version Compatibility: Confirm that the new version of LAPS is fully compatible with your AD environment. Sometimes, a new version of the software may introduce changes that are not fully compatible with the existing environment. Check the release notes for LAPS to see if there are any known issues or specific installation steps that have been modified.

    Restart a service or server: Sometimes, even though Group Policy has been updated, related services, such as the Group Policy Client service or the LAPS service, may need to be restarted to apply the changes.

    Check LAPS logs: Review the LAPS-related event viewer logs, specifically the LAPS-related entries in the application and service logs, for possible errors or warning messages.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.


  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more