Find-LapsADExtendedRights
Queries Active Directory (AD) to find principals that have been granted permission to read Windows Local Administrator Password Solution (LAPS) password attributes.
Syntax
Find-LapsADExtendedRights
[-Credential <PSCredential>]
-Identity <String[]>
[-Domain <String>]
[-DomainController <String>]
[-IncludeComputers]
[<CommonParameters>] Description
The Find-LapsADExtendedRights cmdlet is used by administrators to query which principals have
been granted permissions to read the LAPS password attributes.
Examples
Example 1
Find-LapsADExtendedRights -Identity LapsTestOU
ObjectDN ExtendedRightHolders
-------- --------------------
OU=LapsTestOU,DC=laps,DC=com {NT AUTHORITY\SYSTEM, LAPS\Domain Admins, LAPS\LapsAdmins}This example shows how to run the cmdlet.
Parameters
-Credential
Specifies the credentials to use when updating AD. If not specified, the current user's credentials are used.
| Type: | PSCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Domain
Specifies the name of the domain to connect to.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DomainController
Specifies the name of the domain controller to connect to.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Identity
Specifies the name of the OU to query.
This parameter accepts several different name formats that influence the criteria used in the resultant AD search. The supported name formats are as follows:
- distinguishedName (begins with a
CN=) - name (for all other inputs)
Querying permissions on the domain root is only supported using the distinguishedName input format, for example 'DC=laps,DC=com'.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-IncludeComputers
Specify this parameter to also check computer objects for the permissions.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
String[]