This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 25%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECN%3C/text%3E%3C/svg%3E)
After configuring Local Administrator Password Solution (LAPS), we find LAPS generates a password for domain administrator (we thought LAPS would manage Local computer administrator password only not domain administrator). Anyway, can we disable LAPS temporarily or exclude domain administrator from LAPS because we are worried about some applications such as backup may still use domain administrator credentials?
Hi there,
Once LAPS are in place, the Group Policy client-side extension (CSE) installed on each computer will update the local administrator password in the following order.
So I guess your only option is to find the applications and force them not to use the domain administrator credentials.
--If the reply is helpful, please Upvote and Accept it as an answer–
Thank you for the reply. One more question. As test, we find at least one of computers local administrator doesn't work. We have multiple IT people to try it. LAPS UI and Get-AdmPwdPassword -ComputerName pco1 shows the same password. But the PC doesn't take it. We also run gpupdate /force on the PC.
What could be the problem?
Ok, we find the problem. Some apps and services use administrator account with original password to login. That locked the administrator account.