• Ren,

    Hmm, it seems like you’re doing everything correctly.

    It may sound dumb but are you typing in the admin password? I prefer to use Remote Desktop, then copy/paste the password, as I find it difficult to distinguish between some of the characters.

    And the account you’re trying to log into is the built in local administrator (assuming you didn’t point LAPS at a different account) using “.administrator” to prevent it from trying to use a domain account.

    Other than that I’m running out of ideas for you to try, sorry.

  • Ren,

    Strange… When you set the expiration to a date in the past, after restarting the client, did the password in ADUC/LAPS UI change? When you look at your group policy scope and filtering is the computer object subject to your LAPS policy?

    If you have another administrator account you can log in with you could open an elevated command prompt and run “gpresults /r”. Verify under the Computer Settings > Applied Group Policy Objects section that you see your LAPS policy.

    It may be the case that the computer object is not in the correct OU or group.

  • Hi Ren,

    Have you tried setting a new expiration time through LAPS UI? Choosing a date in the past then restarting the client will force a new password to be set.

    I have noticed that a newly imaged machine (without removing the object from AD) will show the old password in LAPS but it won’t work until I set a new one.

  • Andre Dupre Kuiper became a registered member 5 years, 5 months ago

© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account