Allow LAPS to be ran at the Domain Level

Jay Simmons · ‎May 24 2023

Thanks @Cvanheusen - I have logged a bug on this and will see what I can do :).

Jay Simmons · ‎May 28 2023

@Cvanheusen - I tested this and found that the various permission-setting cmdlets will work just fine at the domain level as long as you specify the domain NC by DN.

Example:

PS C:\Windows\System32> Set-LapsADComputerSelfPermission -Identity "DC=laps,DC=com"

Name DistinguishedName
---- -----------------
laps DC=laps,DC=com

While it might be nice to be able to specify the domain by a short name, I think this is good enough for a cmdlet you are likely to only ever run once or twice? Lmk your feedback. If you agree with me that this is good enough, I'll add mention of this to the docs plus the PowerShell documentation examples.

thx,

Jay

Jay Simmons · ‎May 31 2023

@Cvanheusen ,

I've updated the documentation here...

Grant the managed device permission to update its password

...to include this tip:

Tip

If you prefer to set the inheritable permissions on the root of the domain, this is possible by specifying the entire domain root using DN syntax. For example, specify 'DC=laps,DC=com' for the -Identity parameter.

The online PowerShell cmdlet documentation update is also in-flight. Marking this feedback item as completed. Please PM offline if you have further feedback or questions.

Jay

Jay Simmons · ‎May 31 2023

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Allow LAPS to be ran at the Domain Level