Currently, you have to set LAPS at the OU level. In a large organization with upwards of 500 OUs across multiple domains, that is a daunting task. Allow it to be set at the Do main level will ease ...
JaySimmons
Microsoft
Microsoft
I've updated the documentation here...
Grant the managed device permission to update its password
...to include this tip:
Tip
If you prefer to set the inheritable permissions on the root of the domain, this is possible by specifying the entire domain root using DN syntax. For example, specify 'DC=laps,DC=com' for the -Identity parameter.
The online PowerShell cmdlet documentation update is also in-flight. Marking this feedback item as completed. Please PM offline if you have further feedback or questions.
Jay