Skip to content

Instantly share code, notes, and snippets.

@PixelRobots PixelRobots/Microsoft_LAPS.ps1 Secret
Last active Oct 9, 2018

Embed
What would you like to do?
Import-Module AdmPwd.Ps
Update-AdmPwdADSchema
# Changing the -Identity to the OU name you want to check against.
Import-Module AdmPwd.Ps
Find-AdmPwdExtendedRights -Identity "Computers"
# Changing the -Identity to the OU name you want to allow the "Help Desk" group the permission to view the LAPS password
Import-Module AdmPwd.Ps
Set-AdmPwdReadPasswordPermission -Identity "Computers" -AllowedPrincipals "Help Desk"
# Changing the -Identity to the OU name you want to check against.
Find-AdmPwdExtendedRights -Identity "Computers" | FT objectDN, ExtendedRightHolders -autosize
# Changing the -Identity to the top level OU name you want to allow the permission to. This action is recursive.
Import-Module AdmPwd.Ps
Set-AdmPwdComputerSelfPermission -Identity "Computers"
# Changing -ComputerName to the computer you want to see the password for
Get-AdmPwdPassword -ComputerName PIXEl-W10-01
# Changing the -Identity to the OU name you want to allow the "Help Desk" group the permission to reset the LAPS password
Set-AdmPwdResetPasswordPermission -Identity "Computers" -AllowedPrincipals "Help Desk"
# Changing -ComputerName to the computer you want to reset the password for.
Reset-AdmPwdPassword -ComputerName PIXEl-W10-01 -WhenEffective "06.09.2017 23:00"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.