LAPS on servers that are only connected to a RODC

Jan Adolfsson 21 Reputation points
2021-09-06T17:35:23.38+00:00

How can I get LAPS working on servers that only can access a RODC?
Ho can they populate the LAPS attributes when they cannot contact an RWDC?

Windows for business | Windows Server | User experience | Other
0 comments No comments
{count} votes

Accepted answer
  1. Leon Laude 86,026 Reputation points
    2021-09-06T18:10:04.427+00:00

    Hi @Jan Adolfsson ,

    I believe if the servers have no access to the RWDC whatsoever and only to the RODC, the LAPS solution will not work.
    This has also been discussed in other thread over here:

    ----------

    If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

    Best regards,
    Leon

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Limitless Technology 39,931 Reputation points
    2021-09-07T09:01:15.323+00:00

    Hello Jan A,

    You can perform these procedures to exclude specific data from replicating to RODCs in the forest. Because the data is not replicated to any RODCs, you can be assured that the data will not be revealed to an attacker who manages to successfully compromise an RODC. In most cases, adding an attribute to the RODC FAS is completed by the developer of the application that added the attribute to the schema.

    Determine and then modify the current searchFlags value of an attribute

    Verify that an attribute is added to the RODC FAS

    To get to know further about the LAPS working and attributes do follow up the below link,

    https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754794(v=ws.10)?redirectedfrom=MSDN

    Hope this answers all your queries, if not please do repost back.
    If an Answer is helpful, please click "Accept Answer" and upvote it : )


  2. Gabriel Luiz 41 Reputation points MVP
    2023-02-03T12:27:34.8566667+00:00

    How do you do this calculation?

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.