Active Directory, Local Administrator Password Solution
Microsoft has released a tool called LAPS (Local Administrator Password Solution) for managing local administrator passwords on computers that are joined to the domain. This tool automates management of the local Administrator account password, including generating a complex password on a rotating basis, and storing that password in a protected attribute on the computer object in Active Directory. For more information (including links to download the graphical LAPS tool and PowerShell module), please view Microsoft's documentation on LAPS.
For OU Administrators: This page contains information about support for Microsoft's LAPS (Local Administrator Password Solution) in UOFI Active Directory.
In order to use LAPS with computers in the UOFI domain, please send a request to firstname.lastname@example.org, including:
- The name of the OU where you'd like to use LAPS
- The name of a group that should be able to read the LAPS attributes on objects in your OU