Event details

What? Can it be? A session on LAPS? Yes!! The Local Administrator Password Solution (LAPS) has been widely used by IT pros for nearly a decade to secure Windows devices, aid in device recovery, and s...
Heather_Poulsen
Updated Dec 27, 2024
Technical Takeoff
GaryBaer's avatar
GaryBaer
Brass Contributor
Oct 26, 2022
What will the new LAPS do with HAADJ devices? Will the LAP be stored on-prem and AAD, or just one or the other? Also, what about HAADJ Autopiloted devices which end up with two Azure device objects (one AADJ and one HAADJ)?
  • JaySimmons's avatar
    JaySimmons
    Icon for Microsoft rankMicrosoft
    Oct 26, 2022
    This new version of LAPS fully supports HAADJ devices. However, we only support storing the password in ONE directory at a time, not both. It's your choice to make via policy configuration.
    • GaryBaer's avatar
      GaryBaer
      Brass Contributor
      Oct 26, 2022
      Thank you for that... I assume then that only the HAADJ object in AAD will be attached to the LAPS environment? We've been trying to figure out how to resolve the multiple objects created when doing a HAADJ during Autopilot. Once the HAADJ device is ready to go, there is still a "disabled" AAD device object in Azure.
      • JaySimmons's avatar
        JaySimmons
        Icon for Microsoft rankMicrosoft
        Oct 26, 2022
        I am not familiar with the Autopilot-related issue you've described, but I am sure that once the device is joined and deployed and reaches final state, new versions of the LAPS managed account password will be stored on the active AAD device object for that machine.