Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This attribute is used by the Local Administrator Password Solution (LAPS) feature.
This attribute contains an encrypted password.
-
cn: ms-LAPS-EncryptedPassword ldapDisplayName: msLAPS-EncryptedPassword attributeId: 1.2.840.113556.1.6.44.1.3 attributeSyntax: 2.5.5.10 omSyntax: 4 isSingleValued: TRUE systemOnly: FALSE searchFlags: fPRESERVEONDELETE| fCONFIDENTIAL | fNEVERVALUEAUDIT | fRODCFilteredAttribute
Version-specific behavior: This attribute is added to Active Directory Domain Services (AD DS) by an Administrator.
The structure of the information contained in this attribute is represented as follows.
|
|
|
|
|
|
|
|
|
|
1 |
|
|
|
|
|
|
|
|
|
2 |
|
|
|
|
|
|
|
|
|
3 |
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
PasswordUpdateTimestamp |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
EncryptedPasswordSize |
|||||||||||||||||||||||||||||||
|
Reserved |
|||||||||||||||||||||||||||||||
|
EncryptedPassword (variable) |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
|
... |
|||||||||||||||||||||||||||||||
PasswordUpdateTimestamp (8 bytes): contains the UTC timestamp specifying when this password was stored.
EncryptedPasswordSize (4 bytes): specifies the size of the EncryptedPassword field in bytes.
Reserved (4 bytes): reserved for future use. This field MUST be set to zero.
EncryptedPassword (variable): variable-length data containing an encrypted buffer. The buffer is encrypted using a group key obtained via [MS-GKDI]. The decrypted data contains a JSON string that uses the format specified in ms-LAPS-Password (section 2.64).