I am in the process of implementing LAPS on all the workstations at my place of employment. The LAPS client is installed on all the workstations and a GPO is in place to set the LAPS password parameters. When I look at the LAPS password attribute on a computer object within the directory, the attribute is blank. The workstations are logging event ID 7 in the application event log. The event reads "Could not write changed password to AD. Error 0x80070032". I have verified on the computer objects running the LAPS client that the directory permission "self" has write permission to the attributes ms-MCS-AdmPwdExpirationTime and ms-MCS-AdmPwd.
All the reading I have done online states event ID 7 is logged when the computer cannot write to the ms-MCS-AdmPwdExpirationTime and ms-MCS-AdmPwd attributes. As stated, the permissions look correct. Does anyone know of a way to enable more verbose logging so I can troubleshoot this issue further? Or have any ideas I should try?
Thanks in advance for everyone's help,
Joel
