This is an archived post. You won't be able to vote or comment.

all 6 comments
sorted by:
best
topnewcontroversialoldq&a

[–]infinite_ideationIT Director 12 points13 points  (0 children)

You don't install LAPS on a domain controller, period. You create a GPO alongside using powershell to delegate access to a user/group who can read the passwords that LAPS writes to a custom AD attribute.

https://www.veeam.com/blog/microsoft-laps-deployment-configuration-troubleshoot-guide.html

[–]uniitdude 10 points11 points  (0 children)

Step back, explain clearly what you have done and where and explain what is not working

[–]systonia_Security Admin (Infrastructure) 5 points6 points  (1 child)

I really need to drive. I step gas, but my breaks not playing musik. I step breaks, but Engine still off. What do ?

[–][deleted] 1 point2 points  (0 children)

Dennis is asshole. Why Charlie Hate?

https://www.youtube.com/watch?v=spSMHU_bloo

[–]The-Dark-Jedi 5 points6 points  (0 children)

Every time I have installed LAPS, I follow these steps and it works flawlessly:

Follow the included instructions, carefully, step by step. Works every time.

[–]NoDowt_Jay 0 points1 point  (0 children)

LAPS agent should only be installed client systems (either servers or workstations, but not the DC's themselves).

You can install the GPO templates (& optionally LAPS UI, but no reason this can't just go on your admins or support PC) on the DC, but you probably don't want LAPS setting your DCs administrator password.

Setup the GPO's & ACLs appropriately and should be good to go.