0 votes

We are implementing Microsoft LAPS tool. https://technet.microsoft.com/en-us/lib ... 62591.aspx. I would like to setup an after computer object modification action that gives the "ManagedBy" user for a computer account rights to read the computers account Ms-Mcs-AdmPwd attribute then send an email message to the end user.

So what would happen is the helpdesk would assign the end user as the "ManagedBy" of the computer object.
A Business rule would be triggered on Modification of said attribute.
A PowerShell script in the Business rule would then set the rights to the modified computer for the "ManagedBy" user to read "Ms-Mcs-AdmPwd" attribute for that computer only.
An email would go out to the end user with instructions.

Issue:
- The PowerShell module that comes with the LAPS solution is not supported by Adaxes yet even though it only requires PowerShell 2.0 and up.
- I suppose I could use native PowerShell to set the read access to the attribute myself but it would be handy just to use the MS PS Module.

How would you go about setting something like this up?

Thank you

by (590 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

The easiest way would be to run your script in a new PowerShell instance. Since it is going to be a separate instance created outside of Adaxes, the limitation to use PowerShell 2.0 only will not apply. For information on how to run a script in a new instance, see the following sample in our Script Repository: http://www.adaxes.com/script-repository ... e-s290.htm.

Related questions

0 votes
1 answer

We use Server 2022 Active Directory Domain Services with the new LAPS Password Management system. Access to the old ms-Mcs-AdmPwd is no longer a valid option for displaying the ... ADaxes Just a little history - I have been using Adaxes and LAPS since 2012.

asked Aug 21 by George.Holden (60 points)
0 votes
1 answer

Hi: With LAPS using new schema and encryption, is there a way to return that with Adaxes? Thanks!

asked May 30, 2023 by crobitaille (80 points)
0 votes
1 answer

We are in the process of implementing LAPS in our environment. Is there an option / way to get the password from the Adaxes web portal?

asked Jun 15, 2020 by peggleg (110 points)
0 votes
0 answers

ACK - disregard the below question, the answer is simple and a misunderstanding on my part. For those searching this, simply expose the ms-mcs-admpwd computer property and as ... in the web UI. What might be the best/cleanest way to implement this? Thanks!

asked Aug 9, 2016 by VTPatsFan (610 points)
0 votes
1 answer

Is it possible to visually convert the computer property associated with the Local Administrator Expiration Date "ms-Mcs-AdmPwdExpirationTime" from an integer to a more readable date ... on the fly when the property is displayed in the web interface. Thanks!

asked Aug 16, 2016 by VTPatsFan (610 points)
3,589 questions
3,278 answers
8,303 comments
548,153 users