Honolulu and LAPS


We have tested the use of LAPS in Honolulu, and yes, it works as intended, but our AD administrators are not happy with the way it has to be configured (delegation on the DCs).

Wouldn't it be better to use a domain service account to run the Honolulu service and allow this service to read the LAPS attribute, so it wouldn't be necessary to delegate rights?


We understand the concern and are looking into different options to support LAPS.