I added the permission for the level 1 template to allow read access for the LAPS pw but I can't get it to show the field in the attribute editor. I can confirm that the computer account has a LAPS pw by using AD tools with a domain admin account. The service account is a domain admin that is being used for Active Roles. I'm not sure why this isn't showing up. Any help would be appreciated.
Basically what I did was click the permission tab on the access template, click add, click only the following and click computer, object property access read properties, and then clicked ms-mcs-admpwd, next and accept the defaults. I also have right above it allow, list, computer.
any idea what I'm missing?