Retrieve All LAPS Passwords

Use the Retrieve All LAPS Passwords tool to view and copy local admin passwords from configured sources in Active Directory and Entra ID. This tool is available via the Right Click Tools console extension in ConfigMgr and the Right Click Tools for Intune browser extension. This action can only run over a Recast Proxy route.

Prerequisites

• Recast Management Server installed with Recast Proxy
• Right Click Tools Console Extension installed, if retrieving passwords from Active Directory
• Entra ID set up for Right Click Tools, if retrieving LAPS passwords from that source
• Minimum Recast Software version: 5.11.2602.1808
• Minimum Right Click Tools for Intune browser extension version: 2.0.0.10

Required Permissions

To run the tool:

1. Right-click on a single device or multiple devices.

2. Select Right Click Tools > Security Tools > Retrieve All LAPS Passwords.

The Local Admin Passwords from Configured Sources window displays the Machine Name, Password Source (Active Directory or Entra), Username, Password, and the password's Expiration date.

• Copy a password or username: Right-click on an entry and select Copy Password to Clipboard or Copy Username to Clipboard.
• View password history: Click Show password history for a list of old passwords stored in AD or Entra. 

NOTES:

• Active Directory LAPS history is configured via policy settings. For details, see Configure Policy Settings for Windows LAPS | Microsoft Learn.
• Entra retains a history of the three previous passwords.

TIP: You can edit the sources from which this tool retrieves passwords by disabling or enabling the LapsSearchAD or LapsSearchEntraId options in your Recast Management Server Settings. Be sure to restart your Configuration Manager console after editing LAPS password sources.