We have deployed the LAPS and its working well.
We've assigned the permissions to IT support team to fetch the passwords and they are able fetch the password of All OU'S computers.
Environment: We've multiple sites and one IT support engineer is responsible to manage mange their site (Creation users, deletion etc in particular OU) .
Requirement: Every IT support engineer should have rights to fetch only it's own Site computers password.
He should not be able to fetch the passwords of any other OU computers.
How can we achieve this? I didn't find any option to this bifurcation. Please suggest.