
jenit
Copper Contributor
Apr 27, 2023
Solved

Issue opening GPO after LAPS update April 11. Issue with password writeback Azure AD

Hi everyone

 

We are wondering why our password writebacks (Azure AD sync) stopped working a few weeks ago.

I found that when trying to open a random GPO, we get an error that the LAPS.admx file could not be found. However, we found out that the file is in place, but the LAPS.ADML file is not. Probably the error indicates the ADML file is missing. Since this is related to passwords, we suspect that to be the reason why Azure AD is not writing back cloud changes in passwords.

 

I tried installing the latest GPO templates, but LAPS is not in them. How can we fix this issue? I can't find this adml file online. 

 

Thanks

 

Jen

6 Replies

  • Alban1998
    Iron Contributor
    Hello,
    April updates include a brand new LAPS, superseding the old LAPS. This includes new ADMX files (LAPS for the new ones, AdmPwd for the old ones). This new LAPS is only available on Windows 10/11 and Windows Server 2019/2022.
    As always, make sure you follow these best practices:
    - Implement a Central Store
    - Make sure the OS you run your GPMC on is still supported (ideally, the latest operating system available) and is fully updated
    - Make sure your domain controllers run a supported OS (ideally, with full support, so 2019+) and are fully updated
    Also, I do not recommend updating ADMX files within C:\Windows directly, as you might break the OS.
    • jenit
      Copper Contributor
      Could this be the reason why our Azure AD password writeback isn't working anymore?
  • Nick_A
    Iron Contributor
    I just went through something similar trying to find these policy files. Go to one of your domain controllers and search for LAPS.ADM* under C:\Windows. It should find about 4 of these files, 2 of them being LAPS.admx and another 2 for LAPS.ADML.

    Copy only the LATEST version of each file:
    LAPS.admx -> \\domaincontroller\sysvol\domain\Policies\PolicyDefinitions
    LAPS.adml -> \\domaincontroller\sysvol\domain\Policies\PolicyDefinitions\EN-US

    That should solve the missing policies in the group policy editor until MS releases updated GP policy bundles.
    • nyadron
      Copper Contributor
      Thank you Nick,

      It worked like magic!!!
      • Karl-WE
        MVP
        Windows LAPS should now be part of the ADMX files. Consider using EvergreenADMX (GitHub) for easy and continuous ADMX management.
    • jenit
      Copper Contributor
      I tried that, but it returned a syntax error on opening the file. I only found 1 file dated 31/03/2023.
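
An added example, not part of any post in this thread: a PowerShell script that compares the LAPS.admx / LAPS.adml pair on the local machine with the copies in the Central Store and, only when run with -Copy, copies both files together so the pair stays matched. The parameter names, the state labels and the default local folder (%SystemRoot%\PolicyDefinitions) are assumptions; pass the PolicyDefinitions path of your own Central Store.

```powershell
# Added example (not from the thread). Read-only unless -Copy is given.
param(
    # Assumption: the PolicyDefinitions folder of your Central Store (SYSVOL path).
    [Parameter(Mandatory)] [string] $CentralStore,
    # Assumption: local templates live in %SystemRoot%\PolicyDefinitions; only read, never modified.
    [string] $LocalStore = (Join-Path $env:SystemRoot 'PolicyDefinitions'),
    [string] $Language   = 'en-US',
    [switch] $Copy
)

# The template (ADMX) and its language resource (ADML) must be handled as a pair.
$files = 'LAPS.admx', (Join-Path $Language 'LAPS.adml')

function Get-TemplateState($Local, $Store) {
    if (-not $Local) { return 'MissingLocally' }
    if (-not $Store) { return 'MissingInStore' }
    $sameHash = (Get-FileHash -LiteralPath $Local.FullName).Hash -eq
                (Get-FileHash -LiteralPath $Store.FullName).Hash
    if ($sameHash) { return 'Identical' }
    if ($Local.LastWriteTimeUtc -gt $Store.LastWriteTimeUtc) { return 'StoreOlder' }
    return 'StoreDiffers'   # different content, store copy is not older
}

$report = foreach ($rel in $files) {
    $local = Get-Item -LiteralPath (Join-Path $LocalStore $rel)   -ErrorAction SilentlyContinue
    $store = Get-Item -LiteralPath (Join-Path $CentralStore $rel) -ErrorAction SilentlyContinue
    [pscustomobject]@{
        File      = $rel
        State     = Get-TemplateState $local $store
        LocalDate = $local.LastWriteTimeUtc
        StoreDate = $store.LastWriteTimeUtc
    }
}
$report | Format-Table -AutoSize

if ($Copy) {
    # Refuse to create a half pair or to overwrite a store copy that is not older.
    if ($report.State -contains 'MissingLocally') { throw 'Local LAPS pair is incomplete; nothing copied.' }
    if ($report.State -contains 'StoreDiffers')   { throw 'Central Store copy is not older; nothing copied.' }
    foreach ($rel in $files) {
        $target = Join-Path $CentralStore $rel
        # The language folder must exist in the store before the ADML can be copied.
        $null = New-Item -ItemType Directory -Path (Split-Path $target) -Force
        Copy-Item -LiteralPath (Join-Path $LocalStore $rel) -Destination $target -Force
    }
    Write-Output 'Copied LAPS.admx and LAPS.adml as a pair.'
}
```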
