[Samba] Denied RODC Password Replication Group

L.P.H. van Belle belle at bazuin.nl
Wed Aug 28 14:05:13 UTC 2019


Bob, 

What is see is correct. 

If you would have RODC's, you can put a user in the allow RODC ... Group. 
This site explains it better then i can : http://microsoftgeek.com/?p=2241 
So dont no need too change things here. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Robert Wooden via samba
> Verzonden: woensdag 28 augustus 2019 15:56
> Aan: SAMBA MailList
> Onderwerp: [Samba] Denied RODC Password Replication Group
> 
> When I run "gpresult /R" on one of my domain users the ". . . 
> following
> security groups" listed at the bottom of the output includes 
> "Denied RODC
> Password Replication Group".
> 
> Did a little web search digging and found that RODC stands 
> for Read Only
> Domain Controller.
> 
> My domain consists of two DC's and one member server with three W10
> workstations.
> 
> I have never had a RODC. Both DC's are Samba 4.10.5 (maybe 
> 4.10.4?) running
> the usual setup replicating all the between the two DC's with Osync.
> 
> So far, I have not figured out how to remove this "Denied 
> RODC Password
> Replication Group" from this user. I could be wrong but, this 
> might coming
> from the users profile. (Using folder redirection for all user data.)
> Thereby, as some will know, allowing users to login at any 
> workstation.
> 
> As I do not have an RODC, I have no idea how this got 
> generated. Anyone
> have any thoughts on how to remove this "Denied RODC Password 
> Replication
> Group" from this users gpresult? Thoughts?
> 
> -- 
> Thank you.
> 
> Bob Wooden
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list