joshua-d-miller/macOSLAPS

"Failed to parse the account's LAPS data"

TobiasSplinter opened this issue · 2 comments

Hello,

When setting the password via macOSLAPS, I get the following error message in ADUC (Active Directory Users and Computers):
"Failed to parse the account's LAPS data"
image
Looking at the attributes set by macOSLAPS it looks like this:
image
In comparison to Linux entries managed by LAPS4LINUX:
image
or the Windows entries:
image

Since this app is written for MDM admins as well and I have no clue how Microsoft decrypts those passwords, I reckon a good way is to use the Native LAPS JSON format documented here in the section "msLAPS-Password".

If you are interested, I could try creating that string myself so you can implement it.

Best regards, Tobias

I started writing a solution for this and got as far as putting together the correct string, which is interpreted by the Microsoft LAPS "tab". During some testing I found that a lot of characters cause trouble and the error pops up again. So in order to use the new password string there need to be a lot more (no clue how many) default RemovePassChars entries or a change to "PermittedPassChars".
Any thoughts on that?
Best regards, Tobias

Hmm, this is interesting. Do you happen to know the characters it won't accept? This could be a default setting for macOSLAPS when using AD.
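An added example, not code from macOSLAPS or from anyone in this thread: it builds a clear-text msLAPS-Password style value with a JSON serializer and reports which punctuation characters corrupt a hand-concatenated string. The field names `n`, `t`, `p` and the hex FILETIME timestamp are taken from Microsoft's Windows LAPS schema documentation as an assumption; the account name, password stub and date are constructed, and whether missing JSON escaping is what triggered the ADUC error here is also an assumption.

```python
import json
import string
from datetime import datetime, timezone

UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
FILETIME_EPOCH_OFFSET = 11_644_473_600   # seconds from 1601-01-01 to 1970-01-01
SAMPLE_WHEN = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed sample time
CANDIDATES = string.punctuation          # characters a generator might emit


def to_filetime_hex(when):
    """UTC datetime -> 64-bit FILETIME (100 ns ticks since 1601) as hex."""
    delta = when.astimezone(timezone.utc) - UNIX_EPOCH
    seconds = delta.days * 86_400 + delta.seconds
    ticks = (seconds + FILETIME_EPOCH_OFFSET) * 10_000_000 + delta.microseconds * 10
    return format(ticks, "x")


def build_laps_value(account, password, when):
    """Serialize with json.dumps so '"' and '\\' in the password are escaped."""
    payload = {"n": account, "t": to_filetime_hex(when), "p": password}
    return json.dumps(payload, separators=(",", ":"), ensure_ascii=False)


def build_naive(account, password, when):
    """Hand-concatenated string, shown only to expose the failure mode."""
    return '{"n":"%s","t":"%s","p":"%s"}' % (account, to_filetime_hex(when), password)


def roundtrips(builder, password, when=SAMPLE_WHEN):
    """True if a JSON parser recovers exactly the password that was stored."""
    try:
        return json.loads(builder("admin", password, when))["p"] == password
    except json.JSONDecodeError:
        return False


def chars_breaking(builder, candidates=CANDIDATES):
    """Characters that make the stored value unparseable or altered."""
    return [ch for ch in candidates if not roundtrips(builder, "Ab1" + ch + "xyz")]


if __name__ == "__main__":
    print("naive builder breaks on:", chars_breaking(build_naive))
    print("json.dumps builder breaks on:", chars_breaking(build_laps_value))
    print(build_laps_value("admin", 'p"a\\ss', SAMPLE_WHEN))
```

If the serialized form round-trips but ADUC still rejects a character, that character belongs in the exclusion list; if only the naive form fails, escaping removes the need to exclude it.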