Today we’re excited to announce the general availability of Windows Local Administrator Password Solution (LAPS) with Microsoft Entra ID and Microsoft Intune. This capability is available for both Mi...
Thank you for this magnificent addition and work on Windows LAPS.
Some parts regarding Windows Server are unclear to me, and I hope you can shed some light.
It is true that Windows LAPS can either save secrets to Entra ID (GPO says Azure AD) or local AD DS.
Merill's announcement reads as if Entra ID is required. I understand that your and Merill's announcements focus on Windows LAPS for Entra ID, but they should make clear that it is also possible to use it on-premises only for Windows Server and, if one wants to, also for Windows Client.
I have a few questions on the mentioned hybrid-joined or Entra-only joined devices.
Q: What is the preferred procedure to join Windows Server to Entra ID only or Hybrid?
Asking because Windows Server Core (GUI-less) doesn't offer dsregcmd, very unfortunately.
Q: Can we bring dsregcmd to Windows Server Core for feature parity? It exists on the GUI variant.
Q: I could imagine that joining Windows Server through Azure Arc is enough to make it hybrid joined. Is it? How about Entra Only, is it possible?
Q: Does Windows LAPS work with Entra Directory Services (formerly Azure AD Domain Controllers)?