"Failed to parse the account's LAPS data"
TobiasSplinter opened this issue · 2 comments
Hello,
when setting the password via macOSLAPS I get the following error message in ADUC (Active Directory Users and Computers):
"Failed to parse the account's LAPS data"
Looking at the attributes set by macOSLAPS it looks like this:
In comparison to Linux entries managed by LAPS4LINUX:
or the Windows entries:
Since this app is written for MDM admins as well and I have no clue how Microsoft decrypts those passwords, I reckon a good way is to use the Native LAPS JSON format documented here in the section "msLAPS-Password".
If you are interested, I could try creating that string myself so you can implement it.
Best regards, Tobias
I started working on a solution for this and got as far as putting together the correct string, which is interpreted by the Microsoft LAPS "tab". During some testing I found that a lot of characters cause trouble and the error pops up again. So in order to use the new password string there need to be a lot more (no clue how many) default RemovePassChars entries or a change to "PermittedPassChars".
Any thoughts on that?
Best regards, Tobias
Hmm, this is interesting. Do you happen to know the characters it won't accept? This could be a default setting for macOSLAPS when using AD.
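Added example (not part of the original thread and not macOSLAPS code): a Python sketch that builds the `msLAPS-Password` JSON value (`n` account name, `t` update time as a hex FILETIME, `p` password) with a JSON serializer, and lists which candidate password characters break a hand-concatenated string. The account name, sample passwords and function names are constructed, and the check covers JSON validity only, not the ADUC parser itself.

```python
import json
from datetime import datetime, timezone

# FILETIME counts 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def to_filetime_hex(when):
    """Convert an aware datetime to a lowercase hex FILETIME string."""
    delta = when.astimezone(timezone.utc) - FILETIME_EPOCH
    ticks = (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10
    return format(ticks, "x")


def build_laps_value(account, password, when):
    """Serialize the record with a JSON encoder so quotes and backslashes are escaped."""
    record = {"n": account, "t": to_filetime_hex(when), "p": password}
    return json.dumps(record, separators=(",", ":"), ensure_ascii=False)


def naive_laps_value(account, password, when):
    """Hand-concatenated string with no escaping (the failure mode under test)."""
    return '{"n":"%s","t":"%s","p":"%s"}' % (account, to_filetime_hex(when), password)


def chars_breaking_naive(candidates, when):
    """Return the characters whose presence makes the naive string invalid JSON."""
    bad = []
    for ch in candidates:
        password = "Ab1" + ch + "Xy9"  # constructed sample password
        try:
            parsed = json.loads(naive_laps_value("ladmin", password, when))
            ok = parsed["p"] == password
        except json.JSONDecodeError:
            ok = False
        if not ok:
            bad.append(ch)
    return bad


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(build_laps_value("ladmin", 'p"w\\d!', now))
    print("breaks naive string:", chars_breaking_naive('"\\!#$%/{}', now))
```

Characters that only fail in the naive variant need escaping rather than removal; any that still fail in ADUC after proper serialization would be the candidates for RemovePassChars.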