none
LAPS - Admin account management is not enabled

    Question

  • I'm expiriencing an issue, passwords do not update.
    On the client side, in Event log, I see a message:
    
    Admin account management not enabled, exiting
    
    In group policy object, the option "Enable local admin password management" is enabled,
    the GPO is linked to correct OU,
    however, when I run group policy results, I do not see LAPS option in report, but the GPO is shown as Applied.
    Tuesday, June 30, 2015 6:35 AM

Answers

  • > Now I got "Could not get local Administrator account. Error 0x80070534."
     
    # as an HRESULT: Severity: FAILURE (1), Facility: 0x7, Code 0x534
    # for hex 0x534 / decimal 1332 :
      ERROR_NONE_MAPPED
    winerror.h
    # No mapping between account names and security IDs was done.
    # 1 matches found for "0x80070534"
     
    The account you specified in your LAPS policy seems to be unavailable.
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Tuesday, June 30, 2015 11:38 AM

All replies

  • Is this policy targeted at the USER or Computer ?

    If either, are they in the OU ?

    Also under the security filtering do you have "authenticated users" set


    Cheers,

    Andrew

    MCSE, MCSA, VCP, CCNA, SNIA

    Microsoft Infrastructure Consultant

    Blog: Network Angel LinkedIn:

    Note: Please remember to mark as "propose as answer" to help other members. Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, June 30, 2015 9:19 AM
  • >Is this policy targeted at the USER or Computer ?

    Accordingly to laps operations guide, the policy is targeted to computer

    "The settings are located in under Computer Configuration\Administrative Templates\LAPS."

    >If either, are they in the OU ?

    The policy is linked to the "root" OU, which contains sub-OUs within computers in many locations

    >Also under the security filtering do you have "authenticated users" set

    Yes

    Tuesday, June 30, 2015 9:30 AM
  • I've found some additional information in section "Component status", in GPO results:

    AdmPwd Success (no data)

    What this means?

    Tuesday, June 30, 2015 9:38 AM
  • I've created a new group policy object and moved laps preferences to it.

    Now I got "Could not get local Administrator account. Error 0x80070534."

    My built-in administrator account is locked. In GPO,  I've specified the other name of admin account to manage, not "Administrator".

    Should I populate the new admin account whitin "local users and groups" group policy option?

    Tuesday, June 30, 2015 10:09 AM
  • > Now I got "Could not get local Administrator account. Error 0x80070534."
     
    # as an HRESULT: Severity: FAILURE (1), Facility: 0x7, Code 0x534
    # for hex 0x534 / decimal 1332 :
      ERROR_NONE_MAPPED
    winerror.h
    # No mapping between account names and security IDs was done.
    # 1 matches found for "0x80070534"
     
    The account you specified in your LAPS policy seems to be unavailable.
     

    Greetings/Grüße, Martin

    Mal ein gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me - coke bottle design refreshment (-:
    Tuesday, June 30, 2015 11:38 AM