Bob,
What is see is correct.
If you would have RODC's, you can put a user in the allow RODC ... Group.
This site explains it better then i can : http://microsoftgeek.com/?p=2241
So dont no need too change things here.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Robert Wooden via samba
> Verzonden: woensdag 28 augustus 2019 15:56
> Aan: SAMBA MailList
> Onderwerp: [Samba] Denied RODC Password Replication Group
>
> When I run "gpresult /R" on one of my domain users the ". .
.
> following
> security groups" listed at the bottom of the output includes
> "Denied RODC
> Password Replication Group".
>
> Did a little web search digging and found that RODC stands
> for Read Only
> Domain Controller.
>
> My domain consists of two DC's and one member server with three W10
> workstations.
>
> I have never had a RODC. Both DC's are Samba 4.10.5 (maybe
> 4.10.4?) running
> the usual setup replicating all the between the two DC's with Osync.
>
> So far, I have not figured out how to remove this "Denied
> RODC Password
> Replication Group" from this user. I could be wrong but, this
> might coming
> from the users profile. (Using folder redirection for all user data.)
> Thereby, as some will know, allowing users to login at any
> workstation.
>
> As I do not have an RODC, I have no idea how this got
> generated. Anyone
> have any thoughts on how to remove this "Denied RODC Password
> Replication
> Group" from this users gpresult? Thoughts?
>
> --
> Thank you.
>
> Bob Wooden
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>