none
LAPS Management UI query RRS feed

  • Question

  • Hi All,

    We have one forest and two domains which has transitive trust.

    A - Forest

    B - Child domain

    C - Child domain

    After implementing LAPS in both the domains, can we use single management server which can be placed in either of the child domains and is it possible to read and reset of passwords.

    For ex:

    I have installed management tools in C domain , Can we reset or read the credentials of workstation which is in B domain.

    Kindly advice.

    Regards

    Afsar 

    Thursday, October 3, 2019 11:24 AM

All replies

  • Yes, you can perform from any of the trusted domains.

    Regards, MC Manikandan

    • Marked as answer by Afsar Shariff Friday, October 4, 2019 10:07 AM
    • Unmarked as answer by Afsar Shariff Friday, October 4, 2019 10:07 AM
    Thursday, October 3, 2019 8:37 PM
  • Hello,
    Thank you for posting in our TechNet forum.

    I think we can only read and reset passwords of machines in every domain.

    For example, I have two forest, they are a.local and b.local. They have two-way transitive forest trust.


    I deploy LAPS in both forest.

    A.local has one machine called vchzho356.

    B.local has two machine called ca2 and win10-1809.

    1. In a.local, I can read local administrator password of machines in a.local.

    2. In b.local, I can read local administrator password of machines in b.local.


    3. In a.local, I can not read local administrator password of machines in b.local.


    4. In b.local, I can not read local administrator password of machines in a.local.




    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, October 4, 2019 3:44 AM
  • Hi Daisy,

    Do we have any Microsoft article which says it support in its own domain where the LAPS server is located.

    As  you have mentioned In a.local, we can read local administrator password of machines in a.local.

    Kindly Advice. Thanks!!

    Friday, October 4, 2019 10:07 AM
  • You mean I can read the password of A domain from B domain Laps management UI computer? If Yes, Any technical reference will be much appreciated. Thanks!!
    Friday, October 4, 2019 10:08 AM
  • I have tested in my environment and confirm that I can read the password from all trusted domains within the same forest. I am not sure about the multi forest behavior.

    Regards, MC Manikandan


    Friday, October 4, 2019 10:21 AM
  • Where is your LAPS management workstation located? I mean in which domain .

    I you are in A domain, and if you are able to search the machine from B domain. What is the configuration you have done to achieve that, are you giving FQDN of computer while searching?

    Regards

    Afsar

    Friday, October 4, 2019 11:17 AM
  • My LAPS Management tool is installed on one of my member server from A domain and able to search the machine from B domain with netbios name. No special configuration require to achieve this.

    Regards, MC Manikandan

    Saturday, October 5, 2019 11:05 AM
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, October 7, 2019 4:14 AM
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.
    Thanks for your time and have a nice day!

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 9, 2019 2:41 AM