Forum Discussion
Rob_Lam
Jul 30, 2024 Copper Contributor
LAPS Creation using Intune
Hi All, I am trying to get Intune to create a Local Admin Account and I am using the method of adding OMA-URI Settings, but for some reason the account is created but it's not adding to the a...
fbatuns
Aug 09, 2024 Copper Contributor
Rob_Lam is there a reason for setting up LAPS with OMA-URI Settings? Intune integrated the LAPS configuration in the Endpoint Security menu (Account Protection). We use it with Entra ID joined and hybrid joined devices; this works very well and was straightforward.
Just make sure the endpoints are on the latest versions of Windows 10 and 11, because LAPS was not natively integrated in Windows 10/11 before April 2023.
Also: sometimes I had the issue that I was not able to see the LAPS password in Intune but could see it in the Entra ID device portal, but I'm not sure if that's still the case.
Rob_Lam
Aug 10, 2024 Copper Contributor
Hi
No there isn't any reason.
The reason behind it was that the script didn't work so I tried OMA-URI settings.
In both scenarios the apexadmin account is created but is not added to the local admin group.
All our machines are running Windows 11 23H2.
- ppel123 Aug 10, 2024 Copper Contributor
I find it weird that the user is not being added to the local admin group.
What I would do is build a troubleshooting mechanism to understand at which point it fails.
First of all, if you run the script that creates the user and adds it to the local admin group locally on a local machine or on demand on a test machine, does it work? If yes, then add some logging to your script:
Start-Transcript -Path "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\LocalAdminScriptLogs.txt" -Append -ErrorAction Stop
try {
    # your code goes here, with Write-Host calls to depict the code flow in the log file
    # add -ErrorAction Stop to throw errors to the catch clause
}
catch {
    # depict the error in the log file
    Write-Error "An error occurred during detection: $_"
}
finally {
    Stop-Transcript
}
Then you could collect the logs following this guide.
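The logging template above, filled in for the case in this thread, as an added example that is not part of the original posts. It logs each step separately so the transcript shows whether account creation, the group add, or the read-back is the step that fails. The account name `apexadmin` and the log path come from the thread; the description text, the throwaway password scheme and the exit-code handling are assumptions.

```powershell
# Added example: create the account, add it to Administrators, verify, log every step.
$AccountName = 'apexadmin'      # account name from the thread
$AdminsSid   = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$LogPath     = 'C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\LocalAdminScriptLogs.txt'
$exitCode    = 0

Start-Transcript -Path $LogPath -Append -ErrorAction Stop
try {
    # Record the identity and bitness the script actually runs with.
    $who = [Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-Host "Running as $who, 64-bit process: $([Environment]::Is64BitProcess)"

    # Step 1: create the account only if it is missing.
    if (Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue) {
        Write-Host "Step 1: account $AccountName already exists"
    } else {
        # Random throwaway password (assumption: LAPS rotates it afterwards).
        $bytes = New-Object byte[] 24
        [Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
        $plain  = [Convert]::ToBase64String($bytes) + 'aA1!'
        $secure = ConvertTo-SecureString $plain -AsPlainText -Force
        New-LocalUser -Name $AccountName -Password $secure `
            -Description 'LAPS-managed local admin' -ErrorAction Stop | Out-Null
        Write-Host "Step 1: created account $AccountName"
    }

    # Step 2: add by SID, so a localized group name cannot break the call.
    try {
        Add-LocalGroupMember -SID $AdminsSid -Member $AccountName -ErrorAction Stop
        Write-Host "Step 2: added $AccountName to group $AdminsSid"
    } catch [Microsoft.PowerShell.Commands.MemberExistsException] {
        Write-Host "Step 2: $AccountName is already a member of $AdminsSid"
    }

    # Step 3: read the membership back; a failure here lands in the catch below.
    $member = Get-LocalGroupMember -SID $AdminsSid -Member $AccountName -ErrorAction Stop
    Write-Host "Step 3: verified membership of $($member.Name)"
}
catch {
    # The transcript now shows the last step that succeeded and this error.
    Write-Error "An error occurred: $_"
    $exitCode = 1
}
finally {
    Stop-Transcript
}
exit $exitCode
```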