[Samba] Denied RODC Password Replication Group
Robert Wooden
bob at donelsontrophy.com
Wed Aug 28 13:56:04 UTC 2019
When I run "gpresult /R" on one of my domain users the ". . . following
security groups" listed at the bottom of the output includes "Denied RODC
Password Replication Group".
Did a little web search digging and found that RODC stands for Read Only
Domain Controller.
My domain consists of two DC's and one member server with three W10
workstations.
I have never had a RODC. Both DC's are Samba 4.10.5 (maybe 4.10.4?) running
the usual setup replicating all the between the two DC's with Osync.
So far, I have not figured out how to remove this "Denied RODC Password
Replication Group" from this user. I could be wrong but, this might coming
from the users profile. (Using folder redirection for all user data.)
Thereby, as some will know, allowing users to login at any workstation.
As I do not have an RODC, I have no idea how this got generated. Anyone
have any thoughts on how to remove this "Denied RODC Password Replication
Group" from this users gpresult? Thoughts?
--
Thank you.
Bob Wooden
More information about the samba
mailing list