A simple way to read and write LAPS passwords from linux.
This script is a go setter/getter for property ms-Mcs-AdmPwd
used by LAPS inspired by @swisskyrepo's SharpLAPS in C#.
Require (either):
- Account with
ExtendedRight
orGenericRead
to get LAPS passwords - Account with
ExtendedRight
orGenericWrite
to set LAPS passwords - Domain Admin privileges
__ ___ ____ _____
____ _____ / / / | / __ \/ ___/
/ __ `/ __ \/ / / /| | / /_/ /\__ \
/ /_/ / /_/ / /___/ ___ |/ ____/___/ /
\__, /\____/_____/_/ |_/_/ /____/ v1.2
/____/ @podalirius_
[!] Option -host <host> is required.
Usage of ./bin/goLAPS:
-debug
Debug mode
-domain string
(FQDN) domain to authenticate to.
-hashes string
NT/LM hashes, format is LMhash:NThash.
-host string
IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted it will use the domain part (FQDN) specified in the identity parameter.
-password string
password to authenticate with.
-port int
Port number to connect to LDAP server.
-quiet
Show no information at all.
-use-ldaps
Use LDAPS instead of LDAP.
-username string
User to authenticate as.
Pull requests are welcome. Feel free to open an issue if you want to add other features.