I have a group (cn=sirs,ou=examplegroups,dc=ad,dc=example,dc=org) with some members. I delete one of them:

    ./bin/pdbedit -x user

Now, whatever operation I perform with LDAP commands on the group with the dangling membership, I receive:

    ERROR - Error while modifying entry CN=sirs,OU=examplegroups,DC=ad,DC=example,DC=org in directory :javax.naming.NameNotFoundException: [LDAP: error code 32 - 00000525: specified dn doesn't exist at ../source4/dsdb/samdb/ldb_modules/extended_dn_store.c:163:extended_dn_handle_fpo_attr]; remaining name 'CN=sirs,OU=unimoregroups,DC=ad'

The group cannot be handled any more through LDAP commands (ADUC works, though).

The problem is twofold:

1) avoid a group being turned invalid;
2) sanitize invalid groups (deleting them does not work, and neither does samba-tool dbcheck --repair).

Thank you,
franz

Sorry, I tried again today and this time deleting the stale group solves the issue.