Hi @Mike808 - there are no plans for backporting Windows LAPS to additional platforms at this time.
Windows Server 2012 R2 is nearly out of mainstream support - I believe it ends on October 10th later this year - so customers should be looking to migrate away from that platform soon anyway.
The mainstream Windows Server 2016 editions still have plenty of life left (mainstream support ending in January 2027) but we had to draw the line somewhere and WS2016 did not make it. I am not going to say we cannot change the decision wrt WS2016, but we would need to hear a lot of customer feedback on the business case justifying why upgrading to WS2019 or later is not a viable option.
I know this is not likely to be a popular answer, but that is where things are at the moment.
I came here to upvote this (specifically for Server 2016), however upvotes are disabled as the feedback item has been marked as completed.
Without Server 2016 support, migrating to Windows LAPS will only be for newer server OS versions and our org will have to maintain both Windows LAPS and Legacy LAPS policies and procedures for the next several years.
With Server 2016 support, we can fully migrate to Windows LAPS and decommission any Legacy LAPS installers and policies.
@Cristopher Alaya - my mistake. I did not realize the issue was not up-voteable in the "Not at this time" state. I've put it back in Backlog status. Appreciate your feedback.
Hi everyone - While we love & appreciate the support for Windows LAPS, and we understand the desire to have a consistent management experience, the decision was made that we will not backport this new feature beyond Server 2019 and Windows 10. Server 2016 has been out of Mainstream support for 16 months now, and we do not release new features to those aging OSes.
The best way to take advantage of all the great new features that we have to offer in Windows, including Windows LAPS, is to upgrade to an OS in mainstream support.
I am closing down this feedback item. You are welcome to continue to leave comments, and if you have a support contract, you are welcome to file a DCR asking for this backport. We will continue to share both with our leadership & will let you know if this decision changes in the future. Thanks for your feedback!
"I am not going to say we cannot change the decision wrt WS2016, but we would need to hear a lot of customer feedback on the business case justifying why upgrading to WS2019 or later is not a viable option."
How can we submit that kind of feedback when we can't even upvote this?
I'll also add the following business case why we can't upgrade 150 WS2016 servers to WS2019 or later just to get Windows LAPS - we live in the real world. We don't have the resource to upgrade servers prior to natural obsolescence just to add lots of "new features" they don't need. When we upgrade versions of applications we put them on the latest OS. That runs the old ones down until we get end of support then we get rid of the rest. It would be lovely to have a team big enough to keep everything on the latest version of Windows, but it's just not practical. And frankly not back-porting this just feels like Microsoft using a big stick instead of a carrot. The code base isn't that radically different between 2016 and 2019 surely? Particularly if it was only supporting Windows Laps for Active Directory to get rid of all the Microsoft LAPS installs?
Thanks for your feedback. And just to confirm - your comment works as feedback. I'd also recommend reaching out to your TAM or other account executive, if you have a Microsoft support contract that provides those kinds of contacts.
Our take on this is no different than the thousands of other feature updates, non-security bugs, and similar code changes that have been fixed in 2019 and 2022 but will not backported to 2016.
The Windows lifecycle is fairly clear on this point. Server 2016 has been out of mainstream support for almost two years, since January 2022. At that point, we stop backporting new features and only provide resolutions to security vulnerabilities via Windows Updates. There is also an existing feature that works for this purpose, Microsoft/Legacy LAPS, so we are not leaving anybody in an unprotected state.
To speak to your business case - I completely understand & appreciate your passion on this topic. I was an admin for many years before coming to Microsoft. We ALL do live in and come from the real world... and the reality is that most software companies do not support many more than n-1 or n-2 versions of their software. Microsoft still provides security updates for 14 different OS versions in 2023 and we provide extended support for these OSes due to the reality of how customers upgrade. But we must draw the line somewhere, and that tends to be n-1 or n-2 when it comes to feature backports of this nature and scope. (I'd also ask for you to not make assumptions about the ease of backport or the codebase differences; the codebase is significantly different between every major OS release, and LAPS is a very large feature from a code perspective. Those are just a few of the factors that go into the backport decision.)
At the end of the day, we want people on the latest OSes - this should be no surprise to anybody who has supported Microsoft products for most of their career. That is why our focus is on the most recent OS versions. Server 2016 was released over 7 years ago now, and given the changes coming in Windows and particularly in Active Directory in Server vNext and beyond, we'd strongly recommend that you upgrade to a version of Windows Server in mainstream support.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
