I have a two-way trust between domains. We discovered the LAPSs UI and Powershell commands don't work between domains.
1. Permissions are correctly set for admins in Domain A to see the ms-Mcs-AdmPwd attibute in Domain B, and verified by ADUC and PS commands using the ActiveDirectory module.
2. The LAPs UI won't return the password, but sees the password expiration date.
3. The Powershell commands using the AdmPwd.ps module don't return the password, only the expiration date.
4. I turned on auditing to eventlogs in the Registry and don't see any entries which could solve this issue.