Managing local admin account passwords in AD and Azure AD
Event Ended
Wednesday, Oct 26, 2022, 08:00 AM PDT
What? Can it be? A session on LAPS? Yes!! The Local Administrator Password Solution (LAPS) has been widely used by IT pros for nearly a decade to secure Windows devices, aid in device recovery, and s...
Heather_Poulsen
Updated Dec 27, 2024
JaySimmons
Microsoft
Oct 27, 2022
Hi James,
When you restore a deleted Computer object in AD, the object will be restored with whatever LAPS passwords were on the object when it was deleted in the first place. There is no automatic synchronization support related to LAPS in this scenario. Once the computer is up and running again and has a re-established trust channel with the AD domain, the LAPS client logic will continue to rotate the password as required. If the Computer object was deleted for a long time, it is very likely that the password-expiry timestamp has long since passed, in which case the LAPS client logic will rotate the password very soon.
I am not 100% sure I answered your question, lmk if not.
JamesIversen
Dec 12, 2022
Copper Contributor
To a certain extent you have answered my question the way I figured it would be. As long as the password attribute is visible to the back-up\restoration process, the restored Computer object will retain the timestamped password until trust is restored and expiration forces a change. Thanks!
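A check an administrator could run after the restore discussed in this thread, as an added example that is not part of the original posts: it reports whether the LAPS expiry timestamp carried back on each restored Computer object has already passed, which is the condition under which the client rotates the password soon after trust is re-established. It assumes Windows LAPS with passwords stored in AD (attribute `msLAPS-PasswordExpirationTime`), the ActiveDirectory RSAT module, and hypothetical computer names.

```powershell
# Added example. Assumptions: Windows LAPS schema (msLAPS-PasswordExpirationTime),
# the ActiveDirectory module, and read access to the expiry attribute.
Import-Module ActiveDirectory

# Hypothetical names of Computer objects that were just restored.
$restored = @('PC-RESTORED-01', 'PC-RESTORED-02')
$nowUtc   = (Get-Date).ToUniversalTime()

$report = foreach ($name in $restored) {
    $computer = Get-ADComputer -Identity $name `
        -Properties 'msLAPS-PasswordExpirationTime', whenChanged

    # The attribute is a FILETIME stored as a 64-bit integer; empty means
    # no LAPS expiry was on the object when it was deleted.
    $raw = $computer.'msLAPS-PasswordExpirationTime'
    $expiryUtc = if ($raw) { [DateTime]::FromFileTimeUtc([Int64]$raw) } else { $null }

    $state = if (-not $expiryUtc) {
        'NoLapsExpiryStored'
    } elseif ($expiryUtc -le $nowUtc) {
        # Restored value is in the past: the stored password is the one from
        # deletion time, and the client will rotate once it reconnects.
        'ExpiredRotationPending'
    } else {
        'NotYetExpired'
    }

    [pscustomobject]@{
        Computer      = $computer.Name
        LapsExpiryUtc = $expiryUtc
        WhenChanged   = $computer.whenChanged
        State         = $state
    }
}

$report | Sort-Object LapsExpiryUtc | Format-Table -AutoSize
```

Running it again after the device has reconnected shows whether the expiry has moved into the future, meaning the client has rotated the password.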