LDAP Bind to a RODC

Just an observation from some testing today – if you try and do an LDAP bind against a RODC you need to have the password cached, or cacheable. If the user is explicitly banned from having their password cached, the bind will fail.

We were hoping it might magically work like the userProxy object in ADLDS, but no.