Forum Discussion
MarcVDH
Oct 17, 2017Iron Contributor
Honolulu and LAPS
We have tested the use of LAPS in Honolulu and yes it works as intended but our AD administrators are not happy with the way it has to be configured (delegation on the DCs).
Wouldn't it be better to use a domain service account to run the Honolulu service and allow this service to read the LAPS attribute so it wouldn't be necessary to delegate rights ?
Thanks for your answer
Marc
- Hongtao Chen
Microsoft
We understand the concern and looking into different options to support LAPS.