LAPS auditing does not require any additional configuration in ADAudit Plus. Once you have added your domain controller and configured the necessary audit policies in the ADAudit Plus web console, you can start auditing LAPS Password Read and LAPS Password Expiry changes.
Legacy LAPS events will be triggered when the password is read using the LAPS UI or PowerShell. Windows LAPS events will be triggered when the password is read through the LAPS tab in the Active Directory Users and Computers (ADUC) tool.
Windows LAPS supported platforms
Windows LAPS is available only on devices that are running Windows 10 or 11 or Windows Server 2019 or 2022, updated to the April 2023 cumulative update. Refer to this page for exact update versions.
Configure audit policies
To configure advanced audit policies for Windows domain controllers, follow the steps below.
- Log in to any computer that has the Group Policy Management Console (GPMC) with Domain Admin credentials.
- Open the GPMC, right-click Default Domain Controllers Policy, and select Edit.
- In the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > DS Access.
- Right-click the relevant Subcategory, click Properties, and configure the audit event as directed in the table below.
Category  | Sub Category                                                     | Audit Events
DS Access | Audit Directory Service Changes, Audit Directory Service Access | Success
Configure Windows LAPS
To use any of the Windows LAPS features in Windows Server Active Directory, you must first add the new schema elements to the forest by running the Update-LapsADSchema cmdlet in PowerShell. Refer to this document for more information on Windows LAPS schema extensions.
Once the schema elements are in place, you can enable LAPS auditing for OUs in Active Directory using the Set-LapsADAuditing cmdlet in PowerShell. Refer to this document for more information.
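The two PowerShell steps above, carried through end to end as an added example (not code from the ADAudit Plus documentation or from Microsoft): the script extends the schema only if msLAPS-Password is missing, enables auditing of LAPS password reads on one OU, and then verifies the audit ACE on that OU. It assumes an elevated session on a domain-joined host with the Windows LAPS and ActiveDirectory modules, an account in Schema Admins and Domain Admins, and uses a placeholder OU distinguished name.

```powershell
# Added example, not from the ADAudit Plus docs or Microsoft. Assumptions: elevated
# PowerShell on a domain-joined host with the Windows LAPS module (April 2023
# update or later) and the ActiveDirectory RSAT module; the account is in
# Schema Admins (schema step) and Domain Admins. The OU DN is a placeholder.

Import-Module LAPS -ErrorAction Stop
Import-Module ActiveDirectory -ErrorAction Stop

$targetOu = 'OU=Workstations,DC=example,DC=com'   # placeholder OU, replace with yours

# 1. Extend the schema once per forest. Check for msLAPS-Password first so the
#    script is safe to re-run on a forest that is already extended.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$lapsAttr = Get-ADObject -SearchBase $schemaNc -Filter "lDAPDisplayName -eq 'msLAPS-Password'" -Properties schemaIDGUID
if (-not $lapsAttr) {
    Update-LapsADSchema -Verbose
    $lapsAttr = Get-ADObject -SearchBase $schemaNc -Filter "lDAPDisplayName -eq 'msLAPS-Password'" -Properties schemaIDGUID
}

# 2. Audit every successful read of the LAPS password on computers under the OU.
#    'Everyone' is deliberate: a read by any principal is the event ADAudit Plus reports.
Set-LapsADAuditing -Identity $targetOu -AuditedPrincipals 'Everyone' -AuditType Success

# 3. Verify: the OU's SACL should now carry a Success audit ACE whose object type
#    is the schemaIDGUID of msLAPS-Password. Reading a SACL needs SeSecurityPrivilege.
$attrGuid   = [guid]$lapsAttr.schemaIDGUID
$auditRules = (Get-Acl -Path "AD:\$targetOu" -Audit).Audit
$lapsRule   = $auditRules | Where-Object {
    $_.ObjectType -eq $attrGuid -and
    ($_.AuditFlags -band [System.Security.AccessControl.AuditFlags]::Success)
}
if ($lapsRule) {
    "LAPS password read auditing is active on $targetOu for: " + ($lapsRule.IdentityReference -join ', ')
} else {
    Write-Warning "No LAPS password audit ACE found on $targetOu; check the OU path and your privileges."
}

# 4. The audit ACE only produces events if the DS Access subcategory from the GPO
#    step is enabled on each domain controller. Run this on a DC to confirm:
#    auditpol /get /subcategory:"Directory Service Access"
```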