The Samba-Bugzilla – Bug 12008
RODCs are not read-only
Last modified: 2017-04-18 22:25:22 UTC
RODCs can add and delete objects from their local LDB without restriction. This is because the only relevant RODC check is only done to modifications. A side-effect of this is that the KCC creates local links from an RODC to other DCs.
Fixed in commit b3ba0c85ffe08c39b9144b644b6aabca4ca17dfe
Adds and deletes now cause referrals to be sent.