Setting up LAPS - Changing Permission on a CN


New Member
I am currently having an issue with changing permissions on our networks CN=Computers. When setting up LAPS you must run a command on the organizational units that have your workstations in them. Well our network has been setup where our Headquarter's Computers sit within the CN=Computers group and our branches workstations are within an OU. When attempting to change permissions for our OU the command runs perfectly. This powershell command... set-admpwdcomputerselfpermission -OrgUnit "my ou" works but since all out other workstations at sitting in CN=Computer that command doesnt work. Is there a command that is something like..set-admpwdcomputerselfpermission -ComName "my ou" so that the permissions change be changed on a common name group also?



Principal Cybersecurity Architect
Staff member
You will need to create a process to move them out of 'Computers' since it is a container and not an OU