Uplevel security with Endpoint Privilege Management + Windows LAPS
Event Ended
Tuesday, Nov 28, 2023, 07:00 AM PST
It's simple. Running devices as standard user can help lower your attack surface. Let's talk about the threats we face today, the keys to implementing "just enough" access for your users with Microso...
Char_Cheesman
Updated Dec 27, 2024
UserID144294
Nov 28, 2023
Copper Contributor
"Is there a specific configuration required for LAPS on Autopilot hybrid domain-joined devices? Although the policy shows as succeeded on the device, it states 'No local administrator passwords found.' It worked for Azure-joined devices but not for those in the hybrid domain-joined setup."
LauraArrizza
Microsoft
Nov 28, 2023
Thanks Glenda for the question! I would suggest confirming that the LAPS policy configurations are set up correctly to match the backup storage location with the type of device you are targeting. i.e. either AAD or AD only. If the storage location is configured correctly, I would confirm that the policy reports back the device has the settings applied Successfully (via the policy report or the device report) or complete a policy sync/refresh the page until it appears. There is also a prerequisite to toggle LAPS "on" in Entra portal. Hope that helps! Check out docs for more info: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-management-policy-settings
- UserID144294 Nov 28, 2023 Copper Contributor
Thanks for the reply. The Backup Directory is set to Azure AD only but I can't read the LAPS info for the device in the case of a hybrid domain joined device. Do I need any different configuration for the hybrid domain joined?
- LauraArrizza Nov 28, 2023
Microsoft
Can you see the registry keys hitting the endpoint? Note, if you are targeting a specific local admin account, this must be created before you can configure the LAPS policy. i.e. the LAPS policy does not create new local admin accounts for devices.