Index: server_password_change.d/univention-samba4
===================================================================
--- server_password_change.d/univention-samba4	(Revision 77132)
+++ server_password_change.d/univention-samba4	(Arbeitskopie)
@@ -48,7 +48,12 @@
 	%EOF
 
 	## 2. replace random machine secret in SAM with /etc/machine.secret
-	samba-tool user setpassword "${hostname}\$" --newpassword="$(cat /etc/machine.secret)"
+	if [ "$samba4_role" = "RODC" ]; then
+		old_password=$(tail -1 /etc/machine.secret.old | sed -n 's/[0-9]*: //p')
+		samba-tool user password -U "${hostname}\$%${old_password}" --newpassword="$(cat /etc/machine.secret)"
+	else
+		samba-tool user setpassword "${hostname}\$" --newpassword="$(cat /etc/machine.secret)"
+	fi
 }
 
 if [ "$1" = "postchange" ]; then