
Microsoft LAPS, trying to set read and reset permissions on a group but it keeps failing

Writer Sebastian Wright

I have been trying to set up a test environment in Hyper-V with two test computers on Windows 10 and a single Windows Server 2019 to implement LAPS, as I will potentially be presenting this technology to the team in the near future. I have installed a test domain and set up some OUs, joined computers to the domain, etc. I verified with Get-ADOrganizationalUnit that the OUs exist.

I have been trying to execute the command

```powershell
set-admpwdreadpasswordpermission -Identity "OU=Workstations,OU=TestComputers,DC=test,DC=com" -AllowedPrincipals "LAPS_Read,LAPS_Admin"
```

yet it keeps failing out with

```text
set-admpwdreadpasswordpermission : Some or all identity references could not be translated.
At line:1 char:1
+ set-admpwdreadpasswordpermission -Identity "OU=Workstations,OU=TestCo ...
    + CategoryInfo          : NotSpecified: (:) [Set-AdmPwdReadPasswordPermission], IdentityNotMappedException
    + FullyQualifiedErrorId : System.Security.Principal.IdentityNotMappedException,AdmPwd.PS.DelegateReadPasswordPermission
```

I am certain I have spelled things correctly, yet it still fails. I have also made sure I imported the AdmPwd.PS module. P.S. I am new to PowerShell, yet everything else has succeeded to this point, like Set-AdmPwdComputerSelfPermission (may have spelled it wrong); that command output the status of the delegation, showing that it worked. Please offer some help, thanks!

Edit: I have got it to work for a user account; however, the groups still fail...

1 Answer

Try using SIDs instead of group names: @("S-1-5-21-XXXXXXX.....")

Which version of LAPS are you trying to configure? Be aware of the difference between "Legacy LAPS" and "Windows LAPS". Windows LAPS was implemented into the OS in April 2023 by Windows Update. It uses completely different AD attributes, GPOs and commands than Legacy LAPS and is not compatible with the old LAPS agent. Windows LAPS is now an agentless feature and requires at least Windows Server 2019 with the 04-2023 CU and Windows 10 22H2 with the 04-2023 CU or above.
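The SID-based delegation the answer suggests, written out as an added example (this is not code from the original post or from the LAPS project): it resolves the two groups named in the question to their SIDs with Get-ADGroup, passes them to the legacy AdmPwd.PS cmdlets as a PowerShell array, grants reset rights to the admin group only, and verifies the result with Find-AdmPwdExtendedRights. It assumes the AdmPwd.PS and ActiveDirectory RSAT modules are installed and that the OU and group names from the question exist in the test domain. The Windows LAPS branch is included because the answer points out that the two products use different cmdlets; switch it on only if the domain has been prepared for Windows LAPS. One caveat worth checking first: in PowerShell, `"LAPS_Read,LAPS_Admin"` is a single string that contains a comma, not two principal names, so the example builds the principal list as `@('LAPS_Read', 'LAPS_Admin')`.

```powershell
# Added example, not from the original post: delegate LAPS read/reset rights to
# groups by SID, then verify the delegation on the OU.
# Assumptions: AdmPwd.PS (legacy LAPS) and ActiveDirectory modules are installed;
# the OU and group names below (taken from the question) exist in the domain.

$ou         = 'OU=Workstations,OU=TestComputers,DC=test,DC=com'
$readGroups = @('LAPS_Read', 'LAPS_Admin')   # an array of names, not one "a,b" string
$resetGroup = 'LAPS_Admin'
$windowsLaps = $false                         # set $true for the Windows LAPS cmdlets

Import-Module ActiveDirectory -ErrorAction Stop

# Resolve each group to its SID string. Get-ADGroup throws on an unknown name,
# so a typo or a not-yet-replicated group is caught here rather than inside the
# delegation cmdlet, where it surfaces as IdentityNotMappedException.
function Resolve-GroupSid {
    param([Parameter(Mandatory)][string[]]$Name)
    foreach ($n in $Name) {
        (Get-ADGroup -Identity $n -ErrorAction Stop).SID.Value
    }
}

$readSids = @(Resolve-GroupSid -Name $readGroups)
$resetSid = @(Resolve-GroupSid -Name $resetGroup)
Write-Host "Read principals : $($readSids -join ', ')"
Write-Host "Reset principal : $($resetSid -join ', ')"

if (-not $windowsLaps) {
    # Legacy LAPS: rights on ms-Mcs-AdmPwd / ms-Mcs-AdmPwdExpirationTime.
    Import-Module AdmPwd.PS -ErrorAction Stop
    Set-AdmPwdReadPasswordPermission  -Identity $ou -AllowedPrincipals $readSids
    Set-AdmPwdResetPasswordPermission -Identity $ou -AllowedPrincipals $resetSid
    # Verify: who holds the extended rights on computers under the OU.
    Find-AdmPwdExtendedRights -Identity $ou |
        Select-Object ObjectDN, @{ n = 'Holders'; e = { $_.ExtendedRightHolders -join ', ' } }
}
else {
    # Windows LAPS: different module, attributes and cmdlets, as the answer notes.
    Import-Module LAPS -ErrorAction Stop
    Set-LapsADReadPasswordPermission  -Identity $ou -AllowedPrincipals $readSids
    Set-LapsADResetPasswordPermission -Identity $ou -AllowedPrincipals $resetSid
    Find-LapsADExtendedRights -Identity $ou
}
```

Keeping read and reset as separate delegations is deliberate: a helpdesk group that only needs to retrieve the current local admin password should not also be able to force a rotation, and the verification step at the end is what you would show the team to prove the ACL on the OU matches that intent.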
