Andre Dupre Kuiper commented on FAQs for Microsoft Local Administrator Password Solution (LAPS) – Part 1 5 years, 5 months ago
Ren,
Hmm, it seems like you’re doing everything correctly.
It may sound dumb but are you typing in the admin password? I prefer to use Remote Desktop, then copy/paste the password, as I find it difficult to distinguish between some of the characters.
And the account you’re trying to log into is the built in local administrator (assuming you didn’t point LAPS at a different account) using “.administrator” to prevent it from trying to use a domain account.
Other than that I’m running out of ideas for you to try, sorry.
Andre Dupre Kuiper commented on FAQs for Microsoft Local Administrator Password Solution (LAPS) – Part 1 5 years, 5 months ago
Ren,
Strange… When you set the expiration to a date in the past, after restarting the client, did the password in ADUC/LAPS UI change? When you look at your group policy scope and filtering is the computer object subject to your LAPS policy?
If you have another administrator account you can log in with you could open an elevated command prompt and run “gpresults /r”. Verify under the Computer Settings > Applied Group Policy Objects section that you see your LAPS policy.
It may be the case that the computer object is not in the correct OU or group.
Andre Dupre Kuiper commented on FAQs for Microsoft Local Administrator Password Solution (LAPS) – Part 1 5 years, 5 months ago
Hi Ren,
Have you tried setting a new expiration time through LAPS UI? Choosing a date in the past then restarting the client will force a new password to be set.
I have noticed that a newly imaged machine (without removing the object from AD) will show the old password in LAPS but it won’t work until I set a new one.
Andre Dupre Kuiper became a registered member 5 years, 5 months ago