TechIDManager’s agents called DomainService can be configured in many ways. If you haven’t read through the documentation on instances, you should start there first. When converting a PAM instance to a LAPS instance, you will use the same method as described in the instances document. You will find the DomainService setup documentation useful as well.
To convert from PAM to LAPS, we are going to look at the configuration, Add the LAPS instance, then remove the PAM instance.
To confirm the current settings for the account you wish to change:
1. Log into the machine
2. Open an admin command prompt.
3. Change directory to where the DomainService is installed
4. Run the command “domainservice.exe show”
To add the LAPS instance
5. Run the command “domainservice.exe shareduser MSP.admin clientid {clientID}”.
* MSP.admin would be your user name for account you are making changes to
* {clientID} would be your MSP’s ClientID
If you run the command, “show” again, you will find that you now have two instances sections instead of just one, one for the default PAM, and one for the new LAPS.
Moving over to the ManagementConsole, you will find the new LAPS account and the old PAM account. This might take a few minutes to show up.
If you would like to remove the PAM instance, go back over to the command prompt and set the PAM account to “not run”. To do this
6. Run the command “domainservice.exe donotrun”
This successfully turns off the PAM account, leaving the LAPS account active.
You will find in the ManagementConsole that the PAM account is still listed. At this point you are able to re-enable this instance at a later time. If you would like the PAM instance fully removed, click on the details of the PAM account, scroll down and click in “Permanently Delete.”
Here is a video saying, and showing all this same stuff.