The below LAPS Password Recovery Tool For Deleted Objects and those still in AD is created to allow you also recover the Microsoft LAPS administrator password of objects that have been deleted but that are still within the tombstone period of your Active Directory Forest.
This is the only advantage over Microsofts own GUI but is useful if you were to delete lots of machines from Active Directory and subsequently need to get in to it without restoring the object.
It will need to be run as an account that has permissions to ready the ms-Mcs-AdmPwd property and requires the Active Directory PowerShell module to be available (RSAT)
The GUI first uses the below to get the LAPs password for those machines that exist in AD.
Get-ADComputer -Identity $ComputerName -properties Name, ms-Mcs-AdmPwd, Modified | Select-Object Name, ms-Mcs-AdmPwd, Modified -ExpandProperty ms-mcs-admpwdIf it is unable to locate the machine in AD it will then check for deleted items that match the name
Get-ADObject -Filter { (isdeleted -eq $true) -and (name -ne "Deleted Objects") -and (name -like $DeletedObjectsComputerName) } -includeDeletedObjects -property Name, ms-Mcs-AdmPwd, Modified | Select-Object Name, ms-Mcs-AdmPwd, Modified -ExpandProperty ms-mcs-admpwdIt does various checks for the AD Module, Blank computer name and also provides meaningful errors for machines it can find with no LAPs password and those it cannot find.
4 replies on “GUI: LAPS Password Recovery Tool”
Hi
can you please help in download the utility
Thanks
Jordi
Hi, any chance I can grab your tool for download?
hi. can you please send me the utility?
Can I get the utility as well please?
Thanks
Chris