LAPS Module
This reference provides cmdlet descriptions and syntax for the Windows Local Administrator Password Solution (LAPS) module. It lists the cmdlets in alphabetical order.
LAPS Cmdlets
| Cmdlet | Description |
|---|---|
| Find-LapsADExtendedRights |
Queries Active Directory (AD) to find principals that have been granted permission to read Windows Local Administrator Password Solution (LAPS) password attributes. |
| Get-LapsAADPassword |
Queries Microsoft Entra ID for the Windows Local Administrator Password Solution (LAPS) credentials on a specified Microsoft Entra device. |
| Get-LapsADPassword |
Queries Windows Local Administrator Password Solution (LAPS) credentials from Active Directory (AD) on a specified AD computer or domain controller object. |
| Get-LapsDiagnostics |
Collects Windows Local Administrator Password Solution (LAPS) logs and tracing from the local machine. |
| Invoke-LapsPolicyProcessing |
Causes Windows Local Administrator Password Solution (LAPS) to process the currently configured policy. |
| Reset-LapsPassword |
Causes Windows Local Administrator Password Solution (LAPS) to immediately rotate the password for the currently managed local account. |
| Set-LapsADAuditing |
Configures an Active Directory (AD) Organizational Unit (OU) to enable auditing on the Windows Local Administrator Password Solution (LAPS) password schema attributes. |
| Set-LapsADComputerSelfPermission |
Configures permissions on an Active Directory (AD) Organizational Unit (OU) to enable computers in that OU to update their Windows Local Administrator Password Solution (LAPS) passwords. |
| Set-LapsADPasswordExpirationTime |
Sets the Windows Local Administrator Password Solution (LAPS) password expiration timestamp on an Active Directory (AD) computer or domain controller object. |
| Set-LapsADReadPasswordPermission |
Configures security on an Active Directory (AD) Organizational Unit (OU) to grant specific users or groups permission to query Windows Local Administrator Password Solution (LAPS) passwords. |
| Set-LapsADResetPasswordPermission |
Configures security on an Active Directory (AD) Organizational Unit (OU) to grant specific users or groups permission to set the Windows Local Administrator Password Solution (LAPS) password expiration time. |
| Update-LapsADSchema |
Extends the Active Directory (AD) schema with the Windows Local Administrator Password Solution (LAPS) schema attributes. |