Microsoft LAPS schema and permission changes

March 28, 2017

The NETID Active Directory will receive minor changes that set the stage for adding support for LAPS, a Microsoft-provided capability, for delegated OU customers.

 

What and When:

On Friday, March 31, 2017, the Microsoft Infrastructure (MI) team will be making a change to the NETID domain in preparation for implementing Microsoft’s Local Administrator Password Solution (LAPS).

 

The first change is a schema update to allow two additional attributes on computer objects in the domain.

 

The second change will update permissions on each delegated OU to allow for the secure storage of a password when LAPS is implemented. Note: A separate but related change is planned to delegated OU role groups—you’ll see a separate announcement about that.

 

What you need to do:

This announcement is only advisory. Additional announcements will be made when Microsoft Infrastructure releases LAPS for general availability in the NETID domain.

 

More Info:

Schema changes are considered very low risk. NETID domain schema documentation will be updated to reflect this change. Delegated OU permission documentation will also be updated to reflect this change.

 

More info about LAPS: https://technet.microsoft.com/en-us/mt227395.aspx.

 

Brian Arkills

Microsoft Infrastructure service manager

UW-IT