windows

Export Windows LAPS Passwords report

GURU
By GURU Add a Comment

You want to get all the Windows LAPS passwords to sign in to the computers as a local admin quickly. Searching for the computer to get the Windows LAPS Password for every machine takes time. While that is the best practice for security, there are times when you want an overview of all the computers and their LAPS Passwords. That’s where a report with all the LAPS passwords in a CSV file is excellent. In this article, you will learn how to export Windows LAPS Passwords report.

Windows LAPS

The export Windows LAPS Passwords PowerShell script is for Windows LAPS and not Microsoft LAPS (deprecated as of October 23, 2023). If you are not familiar with or want to understand more about it, read the article Configure Windows LAPS step by step.

Get Windows LAPS Passwords report with PowerShell script

The Get-LAPSPasswords.ps1 PowerShell script will get the Windows LAPS Passwords for the computer objects in Active Directory and output the below information:

  1. ComputerName
  2. LapsPassword
  3. ExpirationTime
  4. LocalAdminAccount
  5. OperatingSystem

Download Get LAPSPasswords PowerShell script

Create two folders on the (C:) drive:

Download and place Get-LAPSPasswords.ps1 PowerShell script in the C:\Scripts folder. The script will export all the LAPS Passwords to the C:\Temp folder.

Ensure the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.

Another option is to copy and paste the below code into Notepad. Give it the name Get-LAPSPasswords.ps1 and place it in the C:\Scripts folder.

<#
    .SYNOPSIS
    Get-LAPSPasswords.ps1

    .DESCRIPTION
    Export Windows LAPS Passwords to CSV file with PowerShell.

    .LINK
    www.alitajran.com/export-windows-laps-passwords-report/

    .NOTES
    Written by: ALI TAJRAN
    Website:    www.alitajran.com
    LinkedIn:   linkedin.com/in/alitajran

    .CHANGELOG
    V1.00, 07/23/2024 - Initial version
#>

param (
    [Parameter(Mandatory = $true)]
    [string]$Path, # Mandatory parameter for the CSV file path
    [string]$OU # Optional parameter to specify the OU
)

# Determine the base for the search
if ($OU)  Select-Object Name, OperatingSystem

else 
    # If OU is not provided, get computers from all OUs
    $computers = Get-ADComputer -Filter * -Properties OperatingSystem 

# Create a variable to store results
$passwords = @()

# Loop through each computer and get the LAPS password and additional details
foreach ($computer in $computers) {
    try {
        # Attempt to get the LAPS password for the computer
        $passwordObject = Get-LapsADPassword $computer.Name -AsPlainText
        $password = $passwordObject.Password
        $adminaccount = $passwordObject.Account
        $expirationTimestamp = $passwordObject.ExpirationTimestamp

        # Store the computer name, password, expiration timestamp, local admin account, and operating system in a custom object
        $passwords += [PSCustomObject]@{
            ComputerName      = $computer.Name
            LapsPassword      = $password
            ExpirationTime    = $expirationTimestamp
            LocalAdminAccount = "$adminaccount"
            OperatingSystem   = $computer.OperatingSystem
        }
    }
    catch {
        # If there's an error, output a warning
        Write-Host "Failed to get details for $($computer.Name): $_" -ForegroundColor Red
    }
}

# Output the results in a grid view
$passwords | Sort-Object ComputerName | Out-GridView -Title LapsPasswords

# Export the results to a CSV file
$passwords | Sort-Object ComputerName | Export-Csv -Path $Path -Encoding UTF8 -NoTypeInformation

This is how it looks.

Run Get LAPSPasswords PowerShell script

To export all the LAPS Passwords to a CSV file.

C:\scripts\.\Get-LAPSPasswords.ps1 -Path "C:\temp\LAPSPasswords.csv"

This is what the output looks like in the grid view window.

Export Windows LAPS Passwords report AllExport Windows LAPS Passwords report All

This is what the CSV file looks like.

Export Windows LAPS Passwords report CSV fileExport Windows LAPS Passwords report CSV file

To export the LAPS Passwords from an OU to a CSV file.

C:\scripts\.\Get-LAPSPasswords.ps1 -Path "C:\temp\LAPSPasswordsOU.csv" -OU "OU=WIN10,OU=Computers,OU=Company,DC=exoip,DC=local"

This is what the output looks like in the grid view window.

Export Windows LAPS Passwords report OUExport Windows LAPS Passwords report OU

The Windows LAPS Passwords report looks great with all the properties!

Read more: Configure Microsoft Entra Password Protection for on-premises »

Conclusion

You learned how to export Windows LAPS Passwords report with PowerShell. Remember to rotate the LAPS Password once you are done with your task. If you already have a policy set up that will change the LAPS Password within a couple of days or after you sign out, you are all good.

Did you enjoy this article? You may also like Check free disk space on Windows with PowerShell script. Don’t forget to follow us and share this article.

Share This Article
Leave a comment