AD-Connector - synchronizing additional classes/objects (full AD sync)

Hi there!

I have a UCS domain configured as “Join existing MS AD domain” and have active the AD Connector which replicate users and other objects from AD to UCS LDAP.

My AD Schema is extended with some custom/additional applications (like Kopano).
I would like to keep the configuration of those applications in MS AD but would really like to have all the related objects/attributes replicated/synchronized to UCS LDAP.

I thought the AD Connector will automatically sync all the related objects/attributes but obviously it is not.
I searched the documentation and the forum but was unable to find some sort of ad-connector “advanced documentation” related to modifying the sync options.

After checking the files included in the univention-ad-connector it seems all the required objects/attributes for sync should be added to the scripts/hooks of ad-connector.

Is there any documentation on how to extend the ad-connector for synchronizing additional attributes/objects/schema? Maybe some examples?

Any hint/help would be greatly appreciated.


Hi there, I’m just wondering if you ever resolved this. I have a UCS server configured the same as you and I want it to sync AD objects of class=Contact. I thought it would dothis by default to be honest but it seems not. Di you ever find out how to control what gets synced? Any hints greatly appreciated.

Hey there,
I have the same problem while syncing contacts, log/univention/connector-ad.log says:

(WARNING): group_members_sync_to_ucs: failed to identify object type of AD group member, ignore membership: CN=…
23.04.2023 22:45:16.479 LDAP (ERROR ): Unknown Exception during sync_to_ucs
23.04.2023 22:45:16.482 LDAP (ERROR ): Traceback (most recent call last):
File “/usr/lib/python3/dist-packages/univention/admin/handlers/groups/”, line 428, in fast_member_remove
return self.lo.modify(self.dn, ml, exceptions=True, ignore_license=ignore_license)
File “/usr/lib/python3/dist-packages/univention/admin/”, line 795, in modify
return self.lo.modify(dn, changes, serverctrls=serverctrls, response=response, rename_callback=rename_callback)
File “/usr/lib/python3/dist-packages/univention/”, line 212, in _decorated
return func(self, *args, **kwargs)
File “/usr/lib/python3/dist-packages/univention/”, line 765, in modify
self.modify_ext_s(dn, ml, serverctrls=serverctrls, response=response)
File “/usr/lib/python3/dist-packages/univention/”, line 212, in _decorated
return func(self, *args, **kwargs)
File “/usr/lib/python3/dist-packages/univention/”, line 824, in modify_ext_s
rtype, rdata, rmsgid, resp_ctrls = self.lo.modify_ext_s(dn, ml, serverctrls=serverctrls)
File “/usr/lib/python3/dist-packages/ldap/”, line 1253, in modify_ext_s
return self._apply_method_s(SimpleLDAPObject.modify_ext_s,*args,**kwargs)
File “/usr/lib/python3/dist-packages/ldap/”, line 1197, in _apply_method_s
return func(self,*args,**kwargs)
File “/usr/lib/python3/dist-packages/ldap/”, line 602, in modify_ext_s
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
File “/usr/lib/python3/dist-packages/ldap/”, line 749, in result3
File “/usr/lib/python3/dist-packages/ldap/”, line 756, in result4
ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
File “/usr/lib/python3/dist-packages/ldap/”, line 329, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File “/usr/lib/python3/dist-packages/ldap/”, line 44, in reraise
raise exc_value
File “/usr/lib/python3/dist-packages/ldap/”, line 313, in _ldap_call
result = func(*args,**kwargs)
ldap.NO_SUCH_ATTRIBUTE: {‘desc’: ‘No such attribute’, ‘info’: ‘modify/delete: memberUid: no such value’}

How did you solve this problem?

Kind regards,