Microsoft LAPS Quick Reference Guide

Local Administrator Password Solution - Configuration & Usage

Version 1.1 | Last Modified: January 22nd, 2025 | Author: Doug Hesseltine | Copyright Technologist.services 2025

What is LAPS?

Microsoft LAPS automatically manages local administrator passwords on domain computers. Each computer has a unique password that rotates regularly and is stored in Active Directory.

Looking Up LAPS Passwords

Method 1: Active Directory Users and Computers

1. Open "Active Directory Users and Computers"
2. Find the computer object
3. Right-click > Properties
4. Click the "LAPS" tab
5. Password displayed in the password field

Method 2: PowerShell

Get-LapsADPassword -Identity COMPUTERNAME -AsPlainText

Replace COMPUTERNAME with the actual computer name.

Common PowerShell Commands

Task	PowerShell Command
Get password for single computer	`Get-LapsADPassword -Identity PC001 -AsPlainText`
Get password with expiration date	`Get-LapsADPassword -Identity PC001 -AsPlainText \| Select-Object ComputerName, Password, ExpirationTime`
Force immediate password reset	`Reset-LapsPassword -Identity PC001`

Troubleshooting

Cannot see password? Contact your domain administrator to grant LAPS read permissions on computer objects.

Password not showing in AD? On the workstation, run gpupdate /force then Invoke-LapsPolicyProcessing