Information
When you enable this setting the managed password is encrypted before being sent to Active Directory.
Enabling this setting has no effect unless 1) the password has been configured to be backed up to Active Directory and 2) the Active Directory domain functional level is at Windows Server 2016 or above.
If this setting is enabled and the domain functional level is at or above Windows Server 2016 the managed account password is encrypted.
If this setting is enabled and the domain functional level is less than Windows Server 2016 the managed account password is not backed up to the directory.
If this setting is disabled the managed account password is not encrypted.
This setting will default to enabled if not configured.
See https://go.microsoft.com/fwlink/?linkid=2188435 for more information.
Solution
Policy Path: System\LAPS
Policy Setting Name: Enable password encryption