There was an error setting the password for this device...

[HeywoodJa]

I can't get macOSLAPS to change the password. When I manually run resetPassword I get this.

computername_here:laps xxx$ macOSLAPS -resetPassword Info|Wed Nov 28, 2018 04:58:51 PM|macOSLAPS|Password Change is required as the LAPS password for macadminpasswordhere has expired Error creating /Library/Logs/macOSLAPS.log Error|Wed Nov 28, 2018 04:58:51 PM|macOSLAPS|There was an error setting the password for this device...

[joshua-d-miller]

Did you run the macOSLAPS as root or using sudo? This must be run as admin in order to function. I noticed it was also unable to create the log file.

[HeywoodJa]

When we run the command as local admin with sudo, we get the same exact error. Also, even though it says, error creating log file, it still writes the log file.

[joshua-d-miller]

So I tested the -resetPassword function and it seems to work for me. I guess in order to troubleshoot this further I would need to see your configuration. Also is your domain controller writable?

Thanks!

[HeywoodJa]

From ADSIEdit, I tried manually editing the "ms-Mcs-AdmPwd" field and was able to change it. Then I tried manually editing the "ms-Mcs-AdmPwdExpirationTime", I get "The value must be numeric, either in decimal or hexadecimal format. A value specified in hexadecimal format must start with '0x'.

[joshua-d-miller]

@HeywoodJa yes that is correct. The next thing to check would be that your Active Directory allows the computer to write the password and expiration time to itself. It is possible that this has been disabled?

[joshua-d-miller]

@HeywoodJa please try the latest build and see if it helps with your issue.

[joshua-d-miller]

@HeywoodJa Just wondering if you had a chance to test the new build?

[joshua-d-miller]

I'm going to call this issue resolved as I haven't heard anything additional