If you use the Dynamic Local User Policy the created user is added to the local groups of the device as configured in the policy. If the user is manually added to another group on the device (like Hyper-V Administrators on Windows 10), the user is removed from the group during next refresh.
Since there are only a few standard-groups available (e.g. Hyper-V Administrators is not in the list) it would be great to have a possibility to use other system-groups. Or a list of groups which will be ignored during group cleanup (for adding special groups like docker-users).