2.66 Attribute ms-LAPS-EncryptedPassword

This attribute is used by the Local Administrator Password Solution (LAPS) feature.

This attribute contains an encrypted password.

 cn: ms-LAPS-EncryptedPassword
 ldapDisplayName: msLAPS-EncryptedPassword
 attributeId: 1.2.840.113556.1.6.44.1.3
 attributeSyntax: 2.5.5.10
 omSyntax: 4
 isSingleValued: TRUE
 systemOnly: FALSE
 searchFlags: fPRESERVEONDELETE | fCONFIDENTIAL | fNEVERVALUEAUDIT | fRODCFilteredAttribute

Version-specific behavior: This attribute is added to Active Directory Domain Services (AD DS) by an Administrator.

The structure of the information contained in this attribute is represented as follows.


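  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                    PasswordUpdateTimestamp                    |
 |                              ...                              |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                     EncryptedPasswordSize                     |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                           Reserved                            |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                 EncryptedPassword (variable)                  |
 |                              ...                              |
 |                              ...                              |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+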

PasswordUpdateTimestamp (8 bytes): contains the UTC timestamp specifying when this password was stored.

EncryptedPasswordSize (4 bytes): specifies the size of the EncryptedPassword field in bytes.

Reserved (4 bytes): reserved for future use. This field MUST be set to zero.

EncryptedPassword (variable): variable-length data containing an encrypted buffer. The buffer is encrypted using a group key obtained via [MS-GKDI]. The decrypted data contains a JSON string that uses the format specified in ms-LAPS-Password (section 2.64).
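The following added example, which is not part of the specification, splits a raw msLAPS-EncryptedPassword value into the fields described above and rejects values that violate the layout (short header, nonzero Reserved, size mismatch). The names LapsBlob, parse_laps_blob and build_sample are hypothetical, little-endian byte order for the two 4-byte integers is an assumption not stated on this page, and the timestamp is kept as raw bytes because its encoding is not specified here.

```python
import struct
from dataclasses import dataclass

HEADER_LEN = 16  # PasswordUpdateTimestamp (8) + EncryptedPasswordSize (4) + Reserved (4)


class LapsBlobError(ValueError):
    """Raised when a value does not match the documented layout."""


@dataclass(frozen=True)
class LapsBlob:
    timestamp_raw: bytes       # 8 bytes, kept uninterpreted
    encrypted_size: int        # EncryptedPasswordSize
    encrypted_password: bytes  # still encrypted; decryption needs the [MS-GKDI] group key


def parse_laps_blob(value: bytes) -> LapsBlob:
    """Split an msLAPS-EncryptedPassword value into its fields and validate it."""
    if len(value) < HEADER_LEN:
        raise LapsBlobError(f"value is {len(value)} bytes, header needs {HEADER_LEN}")
    # Assumption: the two 4-byte integers are little-endian (not stated on the page).
    size, reserved = struct.unpack_from("<II", value, 8)
    if reserved != 0:
        raise LapsBlobError(f"Reserved is {reserved:#x}, MUST be zero")
    body = value[HEADER_LEN:]
    if size != len(body):
        raise LapsBlobError(f"EncryptedPasswordSize={size}, but {len(body)} bytes follow")
    return LapsBlob(value[:8], size, body)


def build_sample(payload: bytes, reserved: int = 0) -> bytes:
    """Constructed test value: fake timestamp bytes plus an opaque payload."""
    return bytes(range(1, 9)) + struct.pack("<II", len(payload), reserved) + payload


if __name__ == "__main__":
    sample = build_sample(b"\xAA" * 32)  # constructed, not real ciphertext
    blob = parse_laps_blob(sample)
    print(blob.encrypted_size, blob.timestamp_raw.hex())
    for bad in (sample[:10], sample + b"\x00", build_sample(b"\xAA" * 32, reserved=1)):
        try:
            parse_laps_blob(bad)
        except LapsBlobError as exc:
            print("rejected:", exc)
```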