I had rolled out a RODC to a remote office location, and after a while I noticed that the computers over there were not getting group policies applied to them. Some research into it revealed that by default domain computers aren’t allowed to change the password for the computer accounts. I had to do the following to fix it:
- 1.Active Directory Users & Computers -> Right click on the Properties the RODC (probably under Domain Controllers) ->Password Replication Policy -> Add
- 2.Allow the Domain Computers group.