We were wondering whether usnChanged could feasibly be exhausted. Turns out it's 64-bit. However, it also turns out that some of the code treats it as a 32-bit value: source3/libads/ldap.c: if (!ads_pull_uint32(ads, res, "highestCommittedUSN", usn)) { source3/libads/ldap_utils.c: uint32_t *first_usn, source3/libads/ldap_utils.c: uint32_t first_usn; source3/libads/ldap_utils.c: uint32_t *first_usn, source3/libads/ldap_utils.c: uint32_t current_usn; source3/libads/ldap_utils.c: if (!ads_pull_uint32(ads, res, "usnChanged", first_usn)) { source3/libads/ldap_utils.c: if (!ads_pull_uint32(ads, res, "usnChanged", ¤t_usn)) { source4/dsdb/kcc/kcc_drs_replica_info.c: uint32_t *attr_version, NTTIME *attr_change_time, uint32_t *attr_orig_usn) source4/dsdb/kcc/kcc_drs_replica_info.c: ntstatus = dsdb_get_extended_dn_uint32(attr_ext_dn, attr_version, "RMD_ORIGINATING_USN"); source4/dsdb/kcc/kcc_drs_replica_info.c: uint32_t attr_originating_usn = 0; source4/dsdb/samdb/ldb_modules/dirsync.c: uint32_t tmp_usn = 0; source4/dsdb/samdb/ldb_modules/dirsync.c: uint32_t tmp_usn2 = 0; source4/dsdb/samdb/ldb_modules/dirsync.c: status = dsdb_get_extended_dn_uint32(dn->dn, &tmp_usn, "RMD_LOCAL_USN"); source4/dsdb/samdb/ldb_modules/dirsync.c: status = dsdb_get_extended_dn_uint32(dn->dn, &tmp_usn2, "RMD_ORIGINATING_USN"); At some point we should probably look at this code more closely and fix it up. Otherwise parts of samba could start failing if the usnChanged exceeds 32-bits.