ADSSP with Read Only Domain Controller

We have an ADSSP server in our DMZ that is configured to use an RODC in the DMZ for AD access. During testing, this seemed to work perfectly.

However, it appears that I did NOT test the unlock account feature... And it does not work. It returns an error "A referral was returned from the server". If I choose to reset password, it works correctly AND unlocks the account at the same time (RODC forwards the request to a RWDC).

I searched for RODCs in the forum and found references to it being worked on several years back, but I'm not sure of the current status. Can anyone shed any light on this issue?

Thanks for your assistance!