Status:
New
LAPS Passwords Should Always Be Removed from AD When switching to Entra password backup
In our deployment of Windows LAPS, we've discovered two scenarios where the Legacy LAPS password details persists in Active Directory even though the device is now using Windows LAPS:
When changi...
JaySimmons
Microsoft
MicrosoftHi bmkaiser00 ,
Thanks for pointing this out. I have created a bug for this and will get back to you.
PS IIRC, Windows LAPS will only try to remove the legacy ms-Mcs-* attributes when the legacy LAPS GPO CSE (AdmPwd.dll) s no longer installed. You probably already knew that, mentioning it just in case.