Created attachment 12661 [details] This does not fix nothing but it can help on solving the issue. We are testing samba-tool user --syncpasswords option and we found a bug. We reproduce it this way : 1°) Create an account with samba-tool create 2°) Initialize syncpasswords cache with samba-tool user syncpasswords --cache-ldb-initialize command 3°) Start the the syncpasswords command "samba-tool user syncpasswords" 4°) Change the password for the created user 5°) Stop the syncpasswords command 6°) Delete the user with samba-tool user delete 7°) Start the syncpasswords command and you will get this kind of error : root@eolebase:~/samba-4.5.1# samba-tool user syncpasswords Mon Nov 14 14:11:54 2016: pid[25634]: Using cache_ldb[/usr/local/samba/var/lib/samba/private/user-syncpasswords-cache.ldb] Mon Nov 14 14:11:54 2016: pid[25634]: currentPid: 25634 Mon Nov 14 14:11:54 2016: pid[25634]: Wait before connect - sleep(1) Mon Nov 14 14:11:55 2016: pid[25634]: Connecting to 'ldapi:///usr/local/samba/var/lib/samba/private/ldap_priv/ldapi' Mon Nov 14 14:11:55 2016: pid[25634]: Resuming monitoring dirsyncFilter: (&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(sAMAccountName=krbtgt*))) dirsyncControls: ['dirsync:1:0:0', 'extended_dn:1:0'] syncCommand: /root/changePwd.py Mon Nov 14 14:11:55 2016: pid[25634]: dirsync_loop(): results 9 Mon Nov 14 14:11:55 2016: pid[25634]: # Dirsync[0] 45004cfc-d097-4e78-99f9-d87241619220 S-1-5-21-1070482517-2200023967-776003 3-1109 dn: <GUID=45004cfc-d097-4e78-99f9-d87241619220>;<SID=S-1-5-21-1070482517-2200023967-7760033-1109>;CN=pcaseiro\0ADEL:45004cfc- d097-4e78-99f9-d87241619220,CN=Deleted Objects,DC=ac-test,DC=lan isRecycled: TRUE isDeleted: TRUE userAccountControl: 512 sAMAccountName: pcaseiro objectGUID: 45004cfc-d097-4e78-99f9-d87241619220 instanceType: 4 Mon Nov 14 14:11:55 2016: pid[25634]: # Passwords[0] 45004cfc-d097-4e78-99f9-d87241619220 S-1-5-21-1070482517-2200023967-7760 033-1109 # attrs=['dn', 'isDeleted', 'isRecycled', 'objectGUID'] Mon Nov 14 14:11:55 2016: pid[25634]: Call Popen[CN=pcaseiro\0ADEL:45004cfc-d097-4e78-99f9-d87241619220,CN=Deleted Objects,DC =ac-test,DC=lan] for /root/changePwd.py Mon Nov 14 14:11:56 2016: pid[25634]: ERROR: Failed to get password for user 'pcaseiro0ADEL:45004cfc-d097-4e78-99f9-d87241619 220': Unable to find user "pcaseiro0ADEL:45004cfc-d097-4e78-99f9-d87241619220" DONE-EXIT: 65280 Mon Nov 14 14:11:56 2016: pid[25634]: RESULT: 0 ERROR(exception): uncaught exception - ERROR: 0 - ERROR: Failed to get password for user 'pcaseiro0ADEL:45004cfc-d097-4e78-99 f9-d87241619220': Unable to find user "pcaseiro0ADEL:45004cfc-d097-4e78-99f9-d87241619220" DONE-EXIT: 65280 File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/user.py", line 1976, in run sync_loop(wait) File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/user.py", line 1865, in sync_loop dirsync_loop() File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/user.py", line 1842, in dirsync_loop handle_object(ri, r) File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/user.py", line 1659, in handle_object run_sync_command(obj.dn, ldif) File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/user.py", line 1628, in run_sync_command raise Exception("ERROR: %s - %s\n" % (res, reply)) The problem is the syncpasswords tool also lists the "Deleted Objects" on startup and it found "users" in this "branch". I tried to fix that by testing if the attribute "isDeleted" is present and have this value "TRUE". It passes all the users and crach when arrived to "Administrator". I join a "patch" try.