3

For the past three hours I've sat at my desk ready to smash my Dell R710 in with a baseball bat. After installing all features of LAPS and running import-module AdmPwd.PS, I can't seem to get AD to take the schema update. I am part of a group that is a member of Schema Admins and I've even tried directly adding myself. Registering schmmgmt.dll didn't work either. When running from my workstation or as admin from the DC I get:

Update-admPwdADSchema : An operation error occurred.
At line:1 char:1
+ Update-admPwdADSchema
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Update-AdmPwdADSchema], DirectoryOperationException
    + FullyQualifiedErrorId : System.DirectoryServices.Protocols.DirectoryOperationException,AdmPwd.PS.UpdateADSchema

If I run the command in powershell without running as admin on the DC I get the following error:

Update-AdmPwdADSchema : The user has insufficient access rights.
At line:1 char:1
+ Update-AdmPwdADSchema
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Update-AdmPwdADSchema], DirectoryOperationException
    + FullyQualifiedErrorId : System.DirectoryServices.Protocols.DirectoryOperationException,AdmPwd.PS.UpdateADSchema

I can't find anything anywhere on google that was actually helpful, and the only thing I could find in the event log was the same error repeated with system information that didn't really add much. I'm running my DC on Win Server 2019, and am running Win 10 Pro on my workstation.

SovietBear
  • 31
  • 2

1 Answers1

1

This may be resolved already. I am commenting because I had the exact same issue on WS2012 R2.

The user account has to be added to the Schema Admins group and the Enterprise Admins group. Don't forget to sign out to update permissions.

Credit to this post: https://community.spiceworks.com/topic/post/7637077

Apollo117
  • 11
  • 1