Also reported in the samba list. Samba AD-DB's with originated from a setup before at least samba 4.4 show/might show this. When running : samba-tool ldapcmp --filter="whenChanged,dc,DC,cn,CN" ldap://dc1.fqdn ldap://dc2.fqdn This works fine, untill i remove the filter.. samba-tool ldapcmp ldap://dc1.fqdn ldap://dc2.fqdn This errors out with : * Comparing [DOMAIN] context... * Objects to be compared: 845 ERROR(<class 'KeyError'>): uncaught exception - 'CN' File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run return self.run(*args, **kwargs) File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 957, in run if b1.diff(b2): File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 781, in diff if object1 == object2: File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 549, in __eq__ return self.cmp_attrs(other) File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 590, in cmp_attrs if isinstance(self.attributes[x], list) and isinstance(other.attributes[x], list): samba-tool ldapcmp --filter="cn,CN" ldap://dc1.fqdn ldap://dc2.fqdn * Comparing [DOMAIN] context... * Objects to be compared: 845 * Result for [DOMAIN]: SUCCESS * Comparing [CONFIGURATION] context... * Objects to be compared: 1825 * Result for [CONFIGURATION]: SUCCESS * Comparing [SCHEMA] context... * Objects to be compared: 1821 * Result for [SCHEMA]: SUCCESS * Comparing [DNSDOMAIN] context... * Objects to be compared: 503 ERROR(<class 'KeyError'>): uncaught exception - 'DC' File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run return self.run(*args, **kwargs) File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 957, in run if b1.diff(b2): File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 781, in diff if object1 == object2: File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 549, in __eq__ return self.cmp_attrs(other) File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 590, in cmp_attrs if isinstance(self.attributes[x], list) and isinstance(other.attributes[x], list): samba-tool dbcheck (--cross-nc) run fine, i have 0 errors here. My conclusion here, but this needs to be verified also by others, and it might be handy to know your original samba version. --filter="DC,CN" fixes the ldapcmp command to it runs without errors, the database replications is fine. Expected Cause, this is a AD-DB started from 4.1.x in all updates there where a few bugs with cn= CN= dc= DC= and whenChanged in previous versions of samba. My setup started with: Debian Wheezy, samba 4.1.x This server has upgraded samba, all version steps from 4.1.x to 4.11.2 Current: Debian Buster, samba 4.11.2 side note, the AD-DC servers have had any samba upgrade where the version number was NOT 4.x.0 4.x.1 . It looks related to bug: https://bugzilla.samba.org/show_bug.cgi?id=12399 Greetz, Louis