Web lists-archives.com

Re: [Samba] Extending Samba-4 Schema to get Microsoft LAPS working

Hello Rowland,

Finally Microsoft LAPS is working in our environment and I thank you for your support.

However, I noticed one thing. Microsoft LAPS is supposed to manage even the Built-In Account - "Administrator", but it not doing so. In my environment, While I am trying to figure out why it doesn't manage the Built-in administrator account, I have enabled another Group Policy to change the password of Built-in Administrator Account and disabled the same. Other local administrators are managed using Microsoft LAPS.

Thanks again for your support.

Best regards,


On 23/11/18 2:32 PM, Rowland Penny via samba wrote:
On Fri, 23 Nov 2018 08:03:15 +0530
Ardos <raghav@xxxxxxxx> wrote:


Thank you very much for your support.

With your ldif, one of the attributes got added to computer
container. Second one is having a trouble. The modification command
is reporting it is not able to find the attribute although it is very
much in the schema. I am checking this part out. Any suggestions to
figure out what's wrong and correct it?

Not really, I have never used LAPS, but I have extended AD several
times and it always the same, add an ldif containing the attributes,
then another containing the objectclasses. In your case the second ldif
needed to modify an existing objectclass.

All I can suggest is to check if both attributes are in AD and if they
have been added to the computer objectclass.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba