Set-LapsADPasswordExpirationTime
Sets the Windows Local Administrator Password Solution (LAPS) password expiration timestamp on an Active Directory (AD) computer or domain controller object.
Syntax
Set-LapsADPasswordExpirationTime
[-Credential <PSCredential>]
-Identity <String[]>
[-WhenEffective <DateTime>]
[-Domain <String>]
[-DomainController <String>]
[<CommonParameters>] Description
The Set-LapsADPasswordExpirationTime cmdlet is used by administrators to configure the LAPS
password expiration time on an AD computer or domain controller object.
Tip
Running this cmdlet sets the LAPS password expiration time on the AD computer or domain controller object, but the new expiration time isn't honored until the next time the target device executes a LAPS policy processing cycle.
Examples
Example 1
Set-LapsADPasswordExpirationTime -Identity lapsClient
DistinguishedName Status
----------------- ------
CN=LAPSCLIENT,OU=LapsTestOU,DC=laps,DC=com PasswordResetThis example shows setting the LAPS password expiration time to the current time, which expires the password immediately.
Example 2
Set-LapsADPasswordExpirationTime -Identity lapsClient -WhenEffective (Get-Date -Date "07/04/2023 13:00:00")
DistinguishedName Status
----------------- ------
CN=LAPSCLIENT,OU=LapsTestOU,DC=laps,DC=com PasswordResetThis examples show setting the LAPS password expiration time to a specific date.
Example 3
Set-LapsADPasswordExpirationTime -Identity lapsClient -WhenEffective ([DateTime]::Now.AddDays(1))
DistinguishedName Status
----------------- ------
CN=LAPSCLIENT,OU=LapsTestOU,DC=laps,DC=com PasswordResetThis examples show setting the LAPS password expiration time to one day in the future.
Parameters
-Credential
Specifies the credentials to use when updating AD. If not specified, the current user's credentials are used.
| Type: | PSCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Domain
Specifies the name of the domain to connect to.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DomainController
Specifies the name of the domain controller to connect to.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Identity
Specifies the name of the computer or domain controller object to set the LAPS password expiration time on.
This parameter accepts several different name formats that influence the criteria used when searching AD for the target device. The supported name formats are as follows:
- distinguishedName (begins with a
CN=) - samAccountName (begins with a
$) - dnsHostName (contains at least one
.character) - name (for all other inputs)
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-WhenEffective
Specifies the new LAPS password expiration time. If not specified, the current time is used, which expires the password is immediately.
| Type: | DateTime |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
String[]