How to generate and export LAPS information in reports using ADManager Plus

Last updated on:

In this article:

Objective

This article explains how to retrieve and export Local Administrator Password Solution (LAPS) information using ADManager Plus. LAPS helps you securely manage the local administrator passwords of domain-joined computers. By configuring ADManager Plus to access this information, you can generate reports for auditing, enhance visibility, and maintain better control over local account credentials across your environment.

Prerequisites

  • LAPS must be deployed and configured in your Active Directory (AD) environment.
  • ADManager Plus must have permission to read LAPS attributes (ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime) from AD.
  • If the primary domain controller is running Windows Server 2022 or above, please configure it in ADManager Plus under Directory/Application Settings.
  • LAPS attributes must be extended to the schema and applied to computer objects.
  • Please make sure remote PowerShell is enabled from the server where ADManager Plus is installed and the domain controller is configured.
  • The technician configured in ADManager Plus should have access to view the LAPS information.
Note:

To provide the technician with access, navigate to Delegation > Help Desk Delegation > Help Desk Technicians, locate the technician, click Edit > Show Advanced, and enable Display LAPS information in reports.

Steps to follow

A. For legacy Microsoft LAPS

  1. Log in to ADManager Plus.
  2. Navigate to Reports > Computer Reports > General Reports > Workstation Computers.
  3. Select the domain and OU from which you want to retrieve the information.
  4. Click Generate.
  5. Once the report is generated, click Add or Remove Column, move Local Administrator Password(LAPS) from Available Attributes to Selected Attributes, and click OK.
  6. Click the Export As option to download the report in your preferred format (CSVDE, CSV, PDF, XLSX, or HTML).

For Windows LAPS

  1. Log in to ADManager Plus.
  2. Navigate to the AD Explorer option in the top-right corner of the dashboard.
  3. Browse to the location of the computer for which you want to view the data.
  4. Under the Properties tab, in the LAPS Details section, view the local administrator password information.
  5. Click the Export As option to download the report in your preferred format (CSV, PDF, XLSX, or HTML).
Note:
  • You can also schedule this report for automated delivery via email under Reports > Schedule Reports.
  • Once the report runs, it will display the LAPS password and its expiration time for each computer, provided the necessary permissions are in place.

Tips

  • Always ensure that only authorized users have access to reports containing LAPS passwords.
  • For added security, restrict report export permissions to specific technician roles.
  • Schedule regular LAPS reports to stay informed of password expiration timelines.

How to reach support

If the issue persists, contact our support team here.