Originating Updates Attempted on an RODC

In addition to the constraints described in section, an RODC does not perform originating updates. When an originating update is requested on an RODC, the RODC generates an LDAP referral ([RFC2251] sections 3.2 and 4.1.11) to a DC holding a writable NC replica, as specified in this section. By following the referral, the client can perform the desired update.

Define O as follows:

  • If the originating update is an add, let O be the parent of the object to be added.

  • If the originating update is a modify, modify DN, or delete, let O be the object to be updated.

If O does not exist, return the error noSuchObject / ERROR_DS_OBJ_NOT_FOUND. Otherwise, let N be the NC containing O. Using techniques described in section 6.3.6, find a DC D that has a writable NC replica for N. Generate an LDAP referral to D as specified in [RFC2251] section 4.1.11.