I am struggling to understand the steps required to fully migrate from legacy LAPS to LAPS in Emulation mode with all the new features. My understanding is that we have legacy LAPS on our servers, and we patch our servers often, so these servers have already got the important updates. I can also see an event like the one below (event ID 10023) on some of the servers. Do I have to go and check all servers to ensure this event ID is there, just to be sure?
The current LAPS policy is configured as follows:
Policy source: Legacy LAPS
Backup directory: Active Directory
Local administrator account name:
Password age in days: 30
Password complexity: 4
Password length: 8
Password expiration protection enabled: 0
And as per the KB below, the above clearly indicates it's running in Legacy LAPS Emulation mode.
https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-scenarios-legacy?source=recommendations
However, I am not sure what else I need to do to take advantage of features like backing up old passwords etc. I don't see more GPO settings in our current LAPS GPO either.
The steps mentioned here under "Requirements and Limitations" are quite confusing, to be honest, and not very clear in terms of step-by-step requirements to ensure all servers are using LAPS in Emulation mode with all the latest features possible.
https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-scenarios-legacy
Does anyone have a better idea of how to proceed?
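
One way to check for the event 10023 described in the post across many servers instead of opening each one by hand, as an added example that is not part of the original post. It assumes the event is read from the Windows LAPS operational channel and that remote event log access is allowed; the function names and the server names in the commented call are hypothetical.

```powershell
# Added example: report which servers have logged LAPS event 10023 and the policy source it states.

function Get-LapsPolicySource {
    param([Parameter(Mandatory)][string]$Message)
    # The event text carries a line such as "Policy source: Legacy LAPS"
    if ($Message -match '(?m)^\s*Policy source:\s*(.+?)\s*$') { return $Matches[1] }
    return $null
}

function Test-LapsEmulationEvent {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    $filter = @{ LogName = 'Microsoft-Windows-LAPS/Operational'; Id = 10023 }
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{ Computer = $computer; Status = $null; PolicySource = $null; LastSeen = $null }
        try {
            # Newest matching event only; -ErrorAction Stop makes "no events" catchable
            $evt = Get-WinEvent -ComputerName $computer -FilterHashtable $filter -MaxEvents 1 -ErrorAction Stop
            $row.Status       = 'Event10023Found'
            $row.PolicySource = Get-LapsPolicySource -Message $evt.Message
            $row.LastSeen     = $evt.TimeCreated
        }
        catch {
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                # Channel exists but holds no 10023 event
                $row.Status = 'NoEvent10023'
            }
            else {
                # Unreachable host, access denied, or channel missing
                $row.Status = "QueryFailed: $($_.Exception.Message)"
            }
        }
        [pscustomobject]$row
    }
}

# Constructed sample of the event text quoted in the post, to exercise the parser offline
$sample = @"
The current LAPS policy is configured as follows:
Policy source: Legacy LAPS
Backup directory: Active Directory
"@
Get-LapsPolicySource -Message $sample

# Hypothetical server names:
# Test-LapsEmulationEvent -ComputerName 'SRV01','SRV02' | Format-Table -AutoSize
```

Servers reported as `NoEvent10023` or `QueryFailed` are the ones left to inspect individually.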