Windows LAPS Password does not work

Anonymous
2024-06-18T08:14:13+00:00

Hello, I hope someone can help me. I have introduced LAPS or am in the process of doing so. I have used the following instructions: https://activedirectorypro.com/microsoft-laps-setup-install-guide/

So far so good. The problem is that the password that is generated for the local admin does not seem to work. There is only one local admin, the default one has been blocked. I have also defined the name of the Local Admin in the GPO, as it is with us...

On another test computer, where the GPO also applies and LAPS is also installed, it shows no password or expiration date at all. -> Could it be that it takes some time for the new GPO to take effect and for the password to be generated? And how can it be that the new password cannot be used?

I am grateful for any tips :)

Translated with DeepL.com (free version)


This question was migrated from the Microsoft Support Community.

Accepted answer
  1. Anonymous
    2024-06-18T08:53:07+00:00

    Hello Susan Haag,

    Thank you for posting in the Microsoft Community forum.

    If the password that is generated for the local admin does not seem to work, there may be a few things you can check:

    1. Make sure that the computer is properly receiving the GPO that defines the name of the Local Admin. You can check this by running the command `gpresult /r` on the affected computer and verifying that the GPO is listed under "Applied Group Policy Objects".

    2. Make sure that the LAPS client is properly installed and configured on the affected computer. You can check this by running the command `Get-AdmPwdPassword -ComputerName <computername>` on the domain controller and verifying that a password is returned for the affected computer.

    3. Check the machine is x64 and the installation package is also x64 (or check the machine is x32 and the installation package is also x32).

    4. Check if you can see the two schema on the problematic machine.

    • ms-Mcs-AdmPwd – This attribute saves the computer’s administrator password.
    • ms-Mcs-AdmPwdExpirationTime – This attribute saves the password expiration timestamp.

    5. *The problem is that the password that is generated for the local admin does not seem to work.*

    When you use the generated LAPS, what error message do you receive? You should type the LAPS correctly.

    6. *It shows no password or expiration date at all.*

    Are all the machines (working machines and non-working machines) in the same OU?
    Maybe the machine has no permissions to generate LAPS. Maybe the machine has already generated the LAPS, but the account has no permissions to view the LAPS.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou
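
The Active Directory side of the checks in the answer above (steps 2, 4 and 6), combined into one read-only script. This is an added example, not part of the original answer; it assumes legacy LAPS with the AdmPwd.PS module and the RSAT ActiveDirectory module, and `Get-LapsTriage` and the computer name are hypothetical. The "expiry set but no password" inference assumes the default schema, where ms-Mcs-AdmPwd is a confidential attribute and the expiration time is readable more widely.

```powershell
#Requires -Modules ActiveDirectory, AdmPwd.PS
# Added example: read-only triage for legacy LAPS. Get-LapsTriage is a hypothetical name.
function Get-LapsTriage {
    param([Parameter(Mandatory)] [string] $ComputerName)

    $attrs = 'ms-Mcs-AdmPwd', 'ms-Mcs-AdmPwdExpirationTime'

    # Step 4: both LAPS attributes must exist in the AD schema.
    $schemaNc = (Get-ADRootDSE).schemaNamingContext
    $missing = $attrs | Where-Object {
        -not (Get-ADObject -SearchBase $schemaNc -LDAPFilter "(lDAPDisplayName=$_)")
    }
    if ($missing) {
        return [pscustomobject]@{
            Computer = $ComputerName
            Finding  = "Schema not extended, missing: $($missing -join ', ')"
        }
    }

    # Steps 2 and 6: what the computer object holds, as seen by the current account.
    $c       = Get-ADComputer -Identity $ComputerName -Properties $attrs
    $hasPwd  = [bool]$c.'ms-Mcs-AdmPwd'
    $expRaw  = $c.'ms-Mcs-AdmPwdExpirationTime'
    $expires = if ($expRaw) { [datetime]::FromFileTimeUtc([int64]$expRaw) } else { $null }

    $finding = if ($hasPwd) {
        'Password is stored and readable by this account'
    } elseif ($expires) {
        # Expiry is set, so the client wrote a password; ms-Mcs-AdmPwd is confidential.
        'Password was generated, but this account lacks the right to read it'
    } else {
        'Nothing written yet: check GPO, client install, Set-AdmPwdComputerSelfPermission'
    }

    # Step 6: who holds the extended right to read passwords on the computer's OU.
    $ou = $c.DistinguishedName -replace '^CN=[^,]+,', ''
    $readers = Find-AdmPwdExtendedRights -Identity $ou -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer        = $c.Name
        OU              = $ou
        ExpiresUtc      = $expires
        Finding         = $finding
        PasswordReaders = $readers.ExtendedRightHolders
    }
}

Get-LapsTriage -ComputerName 'TESTPC01'   # constructed placeholder name
```

Step 1 (`gpresult /r`) still has to be run on the affected client itself, since it reports the policy that machine actually applied.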
