Set-LapsADPasswordExpirationTime
Sets the Windows Local Administrator Password Solution (LAPS) password expiration timestamp on an Active Directory (AD) computer or ___domain controller object.
Syntax
Default (Default)
Set-LapsADPasswordExpirationTime
[-Credential <PSCredential>]
-Identity <String[]>
[-WhenEffective <DateTime>]
[-Domain <String>]
[-DomainController <String>]
[<CommonParameters>]
Description
The Set-LapsADPasswordExpirationTime cmdlet is used by administrators to configure the LAPS
password expiration time on an AD computer or ___domain controller object.
Tip
Running this cmdlet sets the LAPS password expiration time on the AD computer or ___domain controller object, but the new expiration time isn't honored until the next time the target device executes a LAPS policy processing cycle.
Examples
Example 1
Set-LapsADPasswordExpirationTime -Identity lapsClient
DistinguishedName Status
----------------- ------
CN=LAPSCLIENT,OU=LapsTestOU,DC=laps,DC=com PasswordReset
This example shows setting the LAPS password expiration time to the current time, which expires the password immediately.
Example 2
Set-LapsADPasswordExpirationTime -Identity lapsClient -WhenEffective (Get-Date -Date "07/04/2023 13:00:00")
DistinguishedName Status
----------------- ------
CN=LAPSCLIENT,OU=LapsTestOU,DC=laps,DC=com PasswordReset
This examples show setting the LAPS password expiration time to a specific date.
Example 3
Set-LapsADPasswordExpirationTime -Identity lapsClient -WhenEffective ([DateTime]::Now.AddDays(1))
DistinguishedName Status
----------------- ------
CN=LAPSCLIENT,OU=LapsTestOU,DC=laps,DC=com PasswordReset
This examples show setting the LAPS password expiration time to one day in the future.
Parameters
-Credential
Specifies the credentials to use when updating AD. If not specified, the current user's credentials are used.
Parameter properties
| Type: | PSCredential |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Domain
Specifies the name of the ___domain to connect to.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-DomainController
Specifies the name of the ___domain controller to connect to.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-Identity
Specifies the name of the computer or ___domain controller object to set the LAPS password expiration time on.
This parameter accepts several different name formats that influence the criteria used when searching AD for the target device. The supported name formats are as follows:
- distinguishedName (begins with a
CN=) - samAccountName (begins with a
$) - dnsHostName (contains at least one
.character) - name (for all other inputs)
Parameter properties
| Type: | String[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | True |
| Value from pipeline: | True |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-WhenEffective
Specifies the new LAPS password expiration time. If not specified, the current time is used, which expires the password is immediately.
Parameter properties
| Type: | DateTime |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.