Event banner

AMA: Windows LAPS

Event Ended

Wednesday, May 31, 2023, 10:30 AM PDT

Online

Event details

Ask Microsoft Anything about Windows Local Administrator Password Solution (LAPS)! From policy configuration and password storage or retrieval to interacting with managed devices, we’ll be here to an...

Updated Dec 27, 2024

Copper Contributor

May 31, 2023

I have all 2016 DCs and 2016 Domain Functional Level on prem domain, along with a handful of 2016 servers, mostly 2019 servers, and Win 10/11 workstations. I won't be able to update any 2016 DCs or functional level or servers for another year or so. Would you update to the new Windows LAPS now, or wait until all servers and domain are 2019 or higher?

Cliff_Fisher

Microsoft

May 31, 2023

I don't see any reason to delay deployment. You are already at the max DFL & you can protect the supported versions now while working to upgrade the rest.

rerhart
Copper Contributor
May 31, 2023
Ok, thanks. Just gets somewhat confusing when hear that the new Windows LAPS is only supported on 2019 and higher.
- JaySimmons
  Microsoft
  May 31, 2023
  rerhart sorry for that confusion. Not sure how that meme got started, but it is a complicated topic to explain.
  
  Just to add on to Cliff's reply, you might also take a look at this topic:
  
  Domain functional level and domain controller OS version requirements
  
  ...where I've tried to make the various tradeoffs clear.
  
  thx,
  
  Jay
  - rerhart
    Copper Contributor
    May 31, 2023
    Great, thanks Jay. So, I can successfully enable and configure the new Windows LAPS in my 2016 functional domain with 2016 Domain Controllers (and Windows 10 & 11 workstations), but I CANNOT: 1. Use DSRM with it. 2. Use new WIndows LAPS on any 2016 and older non-DC servers...(but can use the old Microsoft LAPS on those old servers.)

Date and Time

May 31, 202310:30 AM - 11:30 AM PDT