#
bloodyAD
#
Find what LAPS password a user account can read
bloodyAD --host IP.OF.A.DOMAINCONTROLLER -d domain.com -u user-with-privs-to-read-laps-passwords -p 'xxx123' get search --filter '(ms-mcs-admpwdexpirationtime=*)' --attr ms-mcs-admpwd,ms-mcs-admpwdexpirationtime