Closed kadeemcallum closed 5 years ago
So what that looks like is your computer record does not have write access in Active Directory. Could you verify that the computer record can change things about itself in Active Directory?
@kadeemcallum were you able to write the password to Active Directory after changing the computer attribute so it can write to itself in AD?
Hi, I am experiencing the same issue kadeemcallum.
Warning|Thu Feb 15, 2018 09:06:35 am|macOSLAPS|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change... Info|Thu Feb 15, 2018 09:06:35 am|macOSLAPS|Password Change is required as the LAPS password for admin has expired
The Mac is running macOS 10.13.3 and is bound to 2012 R2 Windows Domain. The mac computer object is within the same OU as Windows 10 computers which have LAPS working, so the SELF permission is set correctly to write to the ms-Mcs-AdmPwd value.
I have macOSLAPS version 1.0.3 installed and attached is my .plist file. edu.psu.macoslaps.txt
Any ideas?
Thanks.
@paulgab is your admin account actually called admin?
No, the admin account is named differently. I didn’t want to reveal what we actually use.
On 9 Mar 2018, at 11:36 pm, Joshua D. Miller notifications@github.com wrote:
@paulgab is your admin account actually called admin?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
Thanks, the machine was changed added to AD and it was fixed
@kadeemcallum did you just unbind and re-bind the same computer and then it started to work?
When running the "macoslaps" command in terminal I receive this error. Any suggestions as to how to fix or why this error is being given?
This is my first time trying to run the macosLAPS. Tried debugging but was unsuccessul and had the same results
Warning|Wed Jan 24, 2018 11:28:17 AM|macoslaps|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change... Info|Wed Jan 24, 2018 11:28:17 AM|macoslaps|Password Change is required as the LAPS password for admin has expired Warning|Wed Jan 24, 2018 11:28:18 AM|macoslaps|There was an error setting the password for this device... Warning|Wed Jan 24, 2018 11:28:18 AM|macoslaps|There was an error setting the new password expiration for this device... Info|Wed Jan 24, 2018 11:28:18 AM|macoslaps|Password change has been completed for local admin admin. New expiration date is Sun Mar 25, 2018 11:28:18 AM Debug|Wed Jan 24, 2018 11:28:18 AM|macoslaps|Keychain does not currently exist. This may be due to the fact that the user account has never been logged into and is only used for elevation...