LAPS – Get Account Password

<#
    .SYNOPSIS
        Get password for LAPS protected machine

    .DESCRIPTION
        Retrieves the password for a machine protected by the Local Administrator Password Solution

    .EXAMPLE
        . .\LAPS_GetPassword.ps1 -ComputerName W2019-001
        Gets the LAPS password for the target machine

    .NOTES
        Designed to run as the CONSOLE context on the target machine so the user running the script requires full rights to get/set the password

    .CONTEXT
        CONSOLE

    .MODIFICATION_HISTORY
        Created TTYE : 2020-09-27


    AUTHOR: Trentent Tye
#>
[CmdLetBinding()]
Param (
    [Parameter(Mandatory=$true,HelpMessage='Enter the SamAccountName of the machine')][ValidateNotNullOrEmpty()]  [string]$ComputerName
)

#Use native ADSI queries to avoid using ActiveDirectory powershell modules (which might not be installed on the target machines)
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher.Filter = "(&(objectCategory=Computer)(SamAccountname=$($COMPUTERNAME)`$))"
$objSearcher.SearchScope = "Subtree"
$ComputerObj = $objSearcher.FindOne()
$password = $ComputerObj.Properties["ms-Mcs-AdmPwd"]

#find local administrator account
$account = Get-WmiObject -ComputerName $ComputerName -Class Win32_UserAccount -Filter "LocalAccount='True' And Sid like '%-500'"

#find password expiration for LAPS account
$PasswordExpiration = $([datetime]::FromFileTime([convert]::ToInt64($ComputerObj.Properties['ms-MCS-AdmPwdExpirationTime'],10)))


Write-Output "Account          : $($account.caption)"
Write-Output "Password         : $password"
Write-Output "`nPassword Expires : $PasswordExpiration"