This is an automated archive.
The original was posted on /r/sysadmin by /u/regis_majestick_af on 2024-01-24 10:02:55+00:00.
Sorry for the bad english in advance, also am 16 and just learning how to use Active Directory and stuff.
Hey guys, in my internship my tutor asked me to see if it’s possible to add LAPS to the environment. I’m using 2 VM (1 Windows Server 2019 and Windows 10) to simulate it, and not screw stuff up with the real thing.
BTW it’s LAPS coupled with Active Directory.
Here are the steps I followed:
On Powershell in the Domain Controller.
‘Get-Command -Module LAPS’
‘Import-Module LAPS’
‘Update-LapsADSchema -Verbose’
After doing that I checked the presence of the Windows LAPS attributes (msLaps-) and they are there.
Afterwards:
Set-LapsADComputerSelfPermission -Identity “CN=TESTW10, CN=Computers DC=kirbi, DC=toto”
But then I found a problem. The tutorial I followed, said that I has to take the LAPS.admx file in:
C:\Windows\PolicyDefinitions\LAPS.admx
And put it in here:
C:\Windows\SYSVOL\sysvol\domain\Policies\PolicyDefinitions
(Btw I had to create the PolicyDefinition folder.)
I tried making a GPO, and a error message appeared.
I tried solving the error by copying the PolicyDefinition folder from C:\Windows\ and pasting it where I created my folder, and the message error didn’t appear this time.
(Pretty much replaces the PolicyDefinition folder I made, by the one that was in C:\Windows)
(I don’t know if there’s no error message because that’s how to fix it, or there’s an error that is not being detected rn)
I set up a few parameters for the GPO such as the legth of passwords and stuff, and I typed on Powershell ‘gpupdate /force’.
It says that the GPO is running, but I feel like I made a mistake of some sort.
I added the Windows 10 VM to the domain, and I can see it from the DC, however when I go to its LAPS properties, there’s nothing.
I also typed on PowerShell
Get-LapsADPassword “TESTW10” -AsPlainText
But there’s no result.
If you have any tips, other guides or experience to correct what I could’ve done wrong I would be really grateful.
Thank you for reading this far.
You must log in or register to comment.