search

joshua-d-miller / macOSLAPS

Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows
MIT License
387 stars 58 forks source link

Unable to connect to local directory #54

Closed g003441 closed 3 years ago

g003441 commented 3 years ago

When running the command sudo macoslaps -resetpassword we get an error that states "administrator@C1MRP3FDDTY3 ~ % sudo macOSLAPS -resetpassword Password: Info|Tue Jun 08, 2021 02:05:26 PM|macOSLAPS|No Preferred Domain Controller Specified. Continuing... Warning|Tue Jun 08, 2021 02:05:27 PM|macOSLAPS|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change... Info|Tue Jun 08, 2021 02:05:27 PM|macOSLAPS|Password Change is required as the LAPS password for admin, has expired Error|Tue Jun 08, 2021 02:05:27 PM|macOSLAPS|Unable to connect to local directory or change password. Exiting..."

g003441 commented 3 years ago

When running laps with the machine name(serial #) it provides Th1sIsN0tth3P@ssword with an expiration of 1/1/0001 12:00:00 AM

When trying to set the password we get "failed to request password reset. image

g003441 commented 3 years ago

administrator@C1MRP3FDDTY3 ~ % sudo macoslaps Password: Info|Wed Jun 09, 2021 03:50:22 PM|macoslaps|No Preferred Domain Controller Specified. Continuing... Warning|Wed Jun 09, 2021 03:50:22 PM|macoslaps|There has never been a random password generated for this device. Setting a default expiration date of 01/01/2001 in Active Directory to force a password change... Info|Wed Jun 09, 2021 03:50:22 PM|macoslaps|Password Change is required as the LAPS password for administrator, has expired Info|Wed Jun 09, 2021 03:50:22 PM|macoslaps|The local admin: administrator has been detected to have a secureToken. Performing secure password change... Info|Wed Jun 09, 2021 03:50:24 PM|macoslaps|Password change has been completed for the local admin administrator. New expiration date is Sun Aug 08, 2021 03:50:22 PM Info|Wed Jun 09, 2021 03:50:24 PM|macoslaps|Removing Keychain for local administrator account administrator... administrator@C1MRP3FDDTY3 ~ % [Restored Jun 9, 2021 at 4:03:12 PM] Last login: Wed Jun 9 16:02:59 on console

joshua-d-miller commented 3 years ago

I am glad to hear you got this figured out and worked with me via Reddit Chat. I would recommend investing in some kind of MDM solution so that you don't need to perform the defaults command on all your systems. A couple MDM solutions to consider: