LAPS Password Retrieval Only Possible Over LDAPS

[ctjf]

Configuration

impacket version: v0.12.0
Python version: 3.12.8
Target OS: Windows Server 2025 Datacenter
Attacking OS: Kali

Debug Output With Command String

┌──(kali㉿kali)-[~/tools/impacket/examples]
└─$ ./GetLAPSPassword.py -dc-ip 192.168.116.131 'juicy.local/account_reader:P@ssw0rd' -debug       
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies 

[+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
[+] Connecting to 192.168.116.131, port 389, SSL False
[+] Total of records returned 5
[-] No LAPS data returned

┌──(kali㉿kali)-[~/tools/impacket/examples]
└─$ ./GetLAPSPassword.py -dc-ip 192.168.116.131 'juicy.local/account_reader:P@ssw0rd' -debug -ldaps
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies 

[+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
[+] Connecting to 192.168.116.131, port 636, SSL True
[+] Total of records returned 5
[+] Connecting to ncacn_ip_tcp:192.168.116.131[49689]
[+] Connected
[+] Successfully bound
[+] Calling MS-GKDI GetKey
Host        LAPS Username  LAPS Password   LAPS Password Expiration  LAPSv2 
----------  -------------  --------------  ------------------------  ------
ADCS-2025$  laps_admin     hp$R/UVbP}6t5r  2025-02-20 14:52:44       True   
WKSTN1$     laps_admin     S(X9m@2X+-M1H;  2025-02-20 14:15:54       True

Additional context

I suspect Microsoft added some security measure that only allows LAPS password retrieval over LDAPS. I slightly modified the example script to have a switch to default to LDAPS just to demonstrate the issue. I believe this issue is the same on the latest dev version of impacket.