Hi @Jan Adolfsson ,
This blog post might be helpful:
Machine Account (AD Computer Object) Password Updates
Quoting from it:
Since computer password updates occur over secure channel, if the computer has an existing secure channel session with a RODC (the RODC has the existing computer’s password in its AD database), the RODC forwards the change request to a writable DC. The RODC then attempts to replicate the password using ReplicateSingleObject (RSO). If the computer’s password is not cached on the RODC (no secure session), the password change request follows the existing secure session the computer has with a writable DC.
----------
If the reply was helpful please don't forget to upvote
and/or accept as answer
, thank you!
Best regards,
Leon