Hello,
Several months ago I configured LAPS on an AD network with Windows 11 workstations, using the LAPS MSI file pushed out by a GPO. I recently installed a new Windows 11 machine on the network, and thought the GPO would push the MSI file out to it, and thus, get the new machine's local admin pw to be managed by LAPS. That didn't happen, so I tried running the MSI on the new machine locally, but got a message saying that the legacy LAPS msi was blocked from running because it was a newer version of Windows 11. My question is, how do I enable LAPS to work on a newly-added computer running the latest version of Windows 11?
5 Comments
- JaySimmons
Microsoft
Status changed:NewtoCompleted I need help.
I am currently facing an issue where the trust relationship between a client computer and the domain controller has broken. As a result, the LAPS-managed local administrator password is not working.
Since the LAPS (Local Administrator Password Solution) policy is already applied, the old local administrator password no longer works, and I’m unable to retrieve or use the current password managed by LAPS.
Due to this, I am unable to rejoin the computer to the domain.
I would appreciate any guidance or suggestions on how to resolve this issue—specifically, how to regain local access or retrieve the LAPS password in order to rejoin the system to the domain.
Thank you.
- JaySimmons
Hi Tahirshah2090 ,
The key problem that you seem to be facing is that you can't retrieve the LAPS-managed password from Active Directory? What are teh exact resutls when you try to do that?
It's not good when the trust relationship gets broken, but I am unaware of any reason why that factor alone would cause the LAPS-managed account password to get out of sync.
Jay
- JaySimmons
Also Tahirshah2090 - it's not a big deal, but you posted your problem as a reply to someone else's issue. I am going to close this issue as Completed - please contact me via PM if you still need help.
- JaySimmons
Hello it-support-person ,
The older\original version of LAPS that is installed via MSI has been deprecated as of Windows 11 23H2 and later. Please see the following topic:
Deprecation of legacy Microsoft LAPS product
Installation of the legacy MSI has also been blocked as you found out.
Fwiw, that topic is on the landing page of the new Windows LAPS which is built into Windows and replaces the legacy version.
thanks,
Jay
