Hi All,
We have a setup with a main domain and a subdomain.
I recently installed LAPS onto my system. But the issue is that sometimes the password resets after a little time, and sometimes the password never sets a password.
The Password Expiry time changes every time I do a request. If I do it in the GUI it always said password reset request was successful. I have tried it in powershell as well.
I went through all the following steps.
Installed Laps (both on my management server and DC)
Import-Module AdmPwd.Ps
Update-AdmPwdSchema
Went and checked and after that I have the ms-MCS-AdmExpirationTime and ms-Mcs-AdmPwd attributes.
Then I ran
Set-AdmPwdComputerSelfPermission -Identity Workstations
Set-AdmPwdReadPasswordPermission -OrgUnit Workstations -AllowedPrincipals Myuser
I also tried running
Set-AdmPwdResetPermission -Orgunit Workstations -AllowedPrincipals Myuser
Oh and I have gone and configured all the necessary GPO's and distributed them to the workstations in question.
If I go into a computer in that OU and look at the effective permissions Myuser has full control and is allowed to change the ms-mcs attributes. Self has access to Write ms-Mcs-AdmPwd and Ms-Mcs-AdmPwdExpirationTime and Read ms-Mcs-AdmPwdExpirationTime.
Is there something that I am missing here?