Someone contacted me with some questions from our MDT+LAPS post, and we agreed they might benefit from seeing the internal PowerShell script we wrote to expire the local machine’s LAPS password, Expire-LAPSPassword.ps1. So I’ve put it in a gist.

Notes

  • This script has a dependency on Invoke-CommandAs, since we need to run the expiration command as the SYSTEM user. It’s an excellent PS module for this purpose and I’m grateful for its existence.

  • I cannot recall exactly why we had to use the 2.8.5.201 version of the NuGet provider, but I remember it seemed important at the time. That module-loading stanza has been copy-pasted into over a dozen of our PS scripts over the years, so it’s likely whatever reason that was may not be applicable any more.

  • This script is a bit chatty in terms of output, which met our needs. If you don’t like that, you could easily change some of the Write-Output commands to Write-Verbose to quiet it down some during normal operation.

  • I’ll gladly take feedback if you have it. When it comes to scripting and coding, I’m an overconfident amateur. I’d love to continue improving with your suggestions.