Can we force LAPS to reset password?

Yes, you can. Quoted from Microsoft:

Force Password Reset

  • Forcing an update of the password on a system is done through updating the next expiration time either through PowerShell or through the LAPS UI client. The password will reset on the next Group Policy refresh following the expiration time.
  • PowerShell requires the AdmPwd.PS module and the cmdlet is:
    • Reset-AdmPwdPassword -ComputerName <computername> -WhenEffective <date time>
  • Resetting through the LAPS UI client can be done by searching for the relevant system, entering the next desired expiration time, and pressing the set button.
  • Note: administrators can still reset the local administrator password manually through local Administrative Tools but the new password will not be reflected in the computer object in AD and the next reset will occur as scheduled.

If this machine needs to be managed, we need to manually reset the LAPS password on the domain controller or wait for the expiration time to reset the password automatically; the new LAPS password can then be used to log in (this is what you do in step 7).

Summary: On a domain-joined machine, a local administrator can still reset the local administrator password manually through the local management tools, but the new password will not be reflected in the computer object in AD. At that point, you can only log in with the manually reset password.

If you manually reset the LAPS password on the domain controller (I set a new expiration date manually) or wait for the LAPS password to expire and reset automatically, the system assigns a new password that complies with the password policy. After that, you can log in with the new LAPS password.
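The forced reset described above can be scripted and then verified, which is useful when a local administrator password was changed by hand and AD no longer matches the machine. This is an added example, not code from the original post or from Microsoft; it assumes the legacy LAPS module AdmPwd.PS and the GroupPolicy (RSAT) module are installed, and the parameter names `$ComputerName` and `$TimeoutMinutes` are chosen here for illustration.

```powershell
# Added example: force a LAPS rotation and confirm that the client performed it.
# Assumes the legacy LAPS module (AdmPwd.PS) and rights to reset the password
# expiration on the target computer object.
param(
    [Parameter(Mandatory)][string]$ComputerName,   # target computer, supplied by the operator
    [int]$TimeoutMinutes = 15                      # how long to wait for the client to rotate
)

Import-Module AdmPwd.PS -ErrorAction Stop

# Read only the expiration timestamp; the password itself is never written to output.
$before = (Get-AdmPwdPassword -ComputerName $ComputerName).ExpirationTimestamp
Write-Host "Expiration before reset for ${ComputerName}: $before"

# Expire the password now. Nothing changes on the machine until its next
# Group Policy refresh, when the LAPS client sees the expired timestamp.
Reset-AdmPwdPassword -ComputerName $ComputerName -WhenEffective (Get-Date) | Out-Null
$forced = (Get-AdmPwdPassword -ComputerName $ComputerName).ExpirationTimestamp

# Optionally request an immediate computer policy refresh instead of waiting.
# Invoke-GPUpdate needs the GroupPolicy module and remote scheduled-task access.
try {
    Import-Module GroupPolicy -ErrorAction Stop
    Invoke-GPUpdate -Computer $ComputerName -Target Computer -Force `
        -RandomDelayInMinutes 0 -ErrorAction Stop
} catch {
    Write-Warning "Remote policy refresh not triggered: $($_.Exception.Message)"
}

# After a successful rotation the client writes a new, later expiration time
# (now plus the configured password age), so a timestamp later than the forced
# one is the evidence that AD and the machine are back in sync.
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
do {
    Start-Sleep -Seconds 30
    $after = (Get-AdmPwdPassword -ComputerName $ComputerName).ExpirationTimestamp
} until (($after -gt $forced) -or ((Get-Date) -gt $deadline))

if ($after -gt $forced) {
    Write-Host "Rotated. New expiration for ${ComputerName}: $after"
} else {
    Write-Warning "No rotation within $TimeoutMinutes minutes; check that the machine is online and receives the LAPS policy."
}
```

If the script times out, the password stored in AD is still the old one, so a password that was changed manually on the machine remains the only working credential until the client next refreshes policy.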

Published by

Bob Lin
