Apparently Robocopy does not understand Windows Server 2016 deduplication. Is there a way to make it work without corrupting the volume?
Solution 1:
The System Volume Information directory should be excluded using the /XD switch. Probably a good idea to exclude other hidden/system directories such as $RECYCLE.BIN.
Solution 2:
Two command line switches that were used lead to this: /MIR and /ZB. As the documentation ( robocopy /??? ) describes:
/MIR :: MIRror a directory tree (equivalent to /E plus /PURGE).
/ZB :: use restartable mode; if access denied use Backup mode.
It's the combination that did you in: /MIR will delete (as pointed out when you run robocopy without arguments) and "Backup mode" defeats most permissions in order to be able to read files "normally" unreadable in order to make complete backups.
"Backup mode" is notably undefined in the "help" description. You've got to know that the Windows CreateFile API supports a flag called FILE_FLAG_BACKUP_SEMANTICS, which in combination with a certain access right SE_BACKUP_NAME (which is given to the Administrator group by default - also the Backup Operators group, duh) bypasses normal file security.
You didn't know that? Then you may also not know that robocopy wasn't originally part of Windows at all - it was part of a supplement called the "Windows Resource Kit" which was used mainly by programmers and hard-core sysadmins back in the day, and although it was grandfathered into the Windows distribution back in Windows Server 2008 it has never ever received any attention - except for additional performance options, woot! Particularly, no attention from program managers dedicated to UI or usability. So it's a raw bit of power that can be used - or misued! - at your own risk.
(A good rule of thumb: Don't use command line options you don't really understand.)
Information you might like to know about "Backup mode" file access:
https://isc.sans.edu/forums/diary/Use+The+Privilege/20483/
https://docs.microsoft.com/en-us/windows/desktop/api/FileAPI/nf-fileapi-createfilea
https://docs.microsoft.com/en-us/windows/desktop/FileIO/file-security-and-access-rights