Es hat ein wenig gedauert bis ich mal wieder Zeit gefunden habe mich ein wenig mit UCS zu beschäftigen.
Die erste Hürde war rauszufinden, wieso das alte Forum nicht mehr "funktioniert" - hat ein paar Minuten gedauert bis ich den Hinweis auf den Umzug gefunden habe 
Leider war der Umzug meines Forum-Users genauso problembehaftet wie die ganze UCS AD Takeover/Synchronisationsgeschichte bisher. Login mit dem alten User/Passwort wurde verweigert - glücklicherweise hat wenigstens der Passwort-Reset funktioniert - aber im Ernst, ein 10stelliges Passwort für ein Forum??? Ist nicht etwas Overkill? 
getestet - keine Fehler gefunden.
Habe ich ebenfalls ausprobiert => keine Änderungen des Verhaltens.
Inzwischen habe ich die AD Takeover Geschichte aufgegeben und den Versuch ad Acta gelegt - dann wird es wohl doch ein Windows Domain Controller bleiben...
18.03.17 12:43:35.667 DEBUG_INIT
18.03.17 12:43:35.809 LDAP ( PROCESS ) : Renaming 'cn=Domain Admins,cn=groups,dc=testdomain,dc=local' to 'Domänen-Admins' in UCS LDAP.
18.03.17 12:43:35.810 LDAP ( WARN ) : rename cn=Domänen-Admins
18.03.17 12:43:35.830 LDAP ( PROCESS ) : Renaming 'cn=Domain Users,cn=groups,dc=testdomain,dc=local' to 'Domänen-Benutzer' in UCS LDAP.
18.03.17 12:43:35.830 LDAP ( WARN ) : rename cn=Domänen-Benutzer
18.03.17 12:43:35.851 ADMIN ( WARN ) : No settings/cn superordinate was given.
18.03.17 12:43:35.852 LDAP ( PROCESS ) : Modifying 'cn=default,cn=univention,dc=testdomain,dc=local' in UCS LDAP.
18.03.17 12:43:35.852 ADMIN ( WARN ) : No settings/cn superordinate was given.
18.03.17 12:43:35.859 LDAP ( PROCESS ) : Renaming 'cn=Domain Guests,cn=groups,dc=testdomain,dc=local' to 'Domänen-Gäste' in UCS LDAP.
18.03.17 12:43:35.859 LDAP ( WARN ) : rename cn=Domänen-Gäste
18.03.17 12:44:40.821 DEBUG_INIT
18.03.2017 12:44:41,856 MAIN (------ ): DEBUG_INIT
18.03.2017 12:44:41,896 LDAP (ERROR ): Failed to lookup AD LDAP base, using UCR value.
18.03.2017 12:44:41,949 LDAP (PROCESS): Building internal group membership cache
18.03.2017 12:44:42,116 LDAP (PROCESS): Internal group membership cache was created
18.03.2017 12:44:42,127 LDAP (PROCESS): Using testdomain as AD Netbios domain name
18.03.2017 12:44:42,230 LDAP (PROCESS): Scan all changes from UCS ...
18.03.2017 12:44:42,939 LDAP (PROCESS): initialize AD: last USN is 0, sync all
18.03.2017 12:44:43,353 LDAP (PROCESS): sync to ucs: [ container] [ modify] CN=Users,dc=testdomain,dc=local
18.03.2017 12:44:43,381 LDAP (PROCESS): sync to ucs: [ container] [ modify] CN=Computers,dc=testdomain,dc=local
18.03.2017 12:44:43,435 LDAP (PROCESS): sync to ucs: [ user] [ add] uid=Gast,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:43,796 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=Domänencomputer,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:44,243 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=Zertifikatherausgeber,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:44,346 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=RAS- und IAS-Server,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:44,444 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=Richtlinien-Ersteller-Besitzer,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:44,546 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=Domänencontroller,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:44,630 LDAP (WARNING): group_members_sync_to_ucs: failed to identify object type of ad member, ignore membership: CN=IGM48,OU=Domain Controllers,DC=testdomain,DC=local
18.03.2017 12:44:44,637 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=Organisations-Admins,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:44,750 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=Domänen-Gäste,cn=groups,dc=testdomain,dc=local
18.03.2017 12:44:44,761 LDAP (ERROR ): failed in post_con_modify_functions
18.03.2017 12:44:44,762 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1309, in sync_to_ucs
f(self, property_type, object)
File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 157, in set_univentionObjectFlag_to_synced
connector.lo.lo.lo.modify_s(univention.connector.ad.compatible_modstring(ucs_object['dn']), [(ldap.MOD_REPLACE, 'univentionObjectFlag', flags)])
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 364, in modify_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self.ldapcall(self.l.result4,msgid,all,timeout,addctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in ldapcall
result = func(*args,**kwargs)
NO_SUCH_OBJECT: {'matched': 'cn=groups,dc=testdomain,dc=local', 'desc': 'No such object'}
18.03.2017 12:44:44,762 LDAP (WARNING): sync to ucs was not successfull, save rejected
18.03.2017 12:44:44,762 LDAP (WARNING): object was: CN=Domänen-Gäste,CN=Users,DC=testdomain,DC=local
18.03.2017 12:44:44,768 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=Domänen-Benutzer,cn=groups,dc=testdomain,dc=local
18.03.2017 12:44:44,785 LDAP (ERROR ): failed in post_con_modify_functions
18.03.2017 12:44:44,785 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1309, in sync_to_ucs
f(self, property_type, object)
File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 157, in set_univentionObjectFlag_to_synced
connector.lo.lo.lo.modify_s(univention.connector.ad.compatible_modstring(ucs_object['dn']), [(ldap.MOD_REPLACE, 'univentionObjectFlag', flags)])
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 364, in modify_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self.ldapcall(self.l.result4,msgid,all,timeout,addctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in ldapcall
result = func(*args,**kwargs)
NO_SUCH_OBJECT: {'matched': 'cn=groups,dc=testdomain,dc=local', 'desc': 'No such object'}
18.03.2017 12:44:44,785 LDAP (WARNING): sync to ucs was not successfull, save rejected
18.03.2017 12:44:44,785 LDAP (WARNING): object was: CN=Domänen-Benutzer,CN=Users,DC=testdomain,DC=local
18.03.2017 12:44:44,789 LDAP (PROCESS): sync to ucs: [ group] [ modify] cn=Domänen-Admins,cn=groups,dc=testdomain,dc=local
18.03.2017 12:44:44,808 LDAP (ERROR ): failed in post_con_modify_functions
18.03.2017 12:44:44,808 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1309, in sync_to_ucs
f(self, property_type, object)
File "/usr/lib/pymodules/python2.7/univention/connector/ad/__init__.py", line 157, in set_univentionObjectFlag_to_synced
connector.lo.lo.lo.modify_s(univention.connector.ad.compatible_modstring(ucs_object['dn']), [(ldap.MOD_REPLACE, 'univentionObjectFlag', flags)])
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 364, in modify_s
return self.result(msgid,all=1,timeout=self.timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 465, in result
resp_type, resp_data, resp_msgid = self.result2(msgid,all,timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 469, in result2
resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all,timeout)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 476, in result3
resp_ctrl_classes=resp_ctrl_classes
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 483, in result4
ldap_result = self.ldapcall(self.l.result4,msgid,all,timeout,addctrls,add_intermediates,add_extop)
File "/usr/lib/python2.7/dist-packages/ldap/ldapobject.py", line 106, in ldapcall
result = func(*args,**kwargs)
NO_SUCH_OBJECT: {'matched': 'cn=groups,dc=testdomain,dc=local', 'desc': 'No such object'}
18.03.2017 12:44:44,808 LDAP (WARNING): sync to ucs was not successfull, save rejected
18.03.2017 12:44:44,808 LDAP (WARNING): object was: CN=Domänen-Admins,CN=Users,DC=testdomain,DC=local
18.03.2017 12:44:44,815 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=Administrator,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:44,912 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=Schema-Admins,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:45,70 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=WINS-Benutzer,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:45,169 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=DHCP-Benutzer,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:45,273 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=DHCP-Administratoren,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:45,386 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=DnsAdmins,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:45,487 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=DnsUpdateProxy,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:45,587 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=Sysadmins,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:45,682 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=IIS_WPG,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:45,772 LDAP (PROCESS): sync to ucs: [ ou] [ add] OU=Rechner,dc=testdomain,dc=local
18.03.2017 12:44:45,798 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=CVSUser,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:45,888 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=CVSAdmin,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:45,994 LDAP (PROCESS): sync to ucs: [ group] [ add] cn=Domänen-Sicherungsoperatoren,cn=users,dc=testdomain,dc=local
18.03.2017 12:44:46,95 LDAP (PROCESS): sync to ucs: [ user] [ add] uid=testadmin,ou=benutzer normal,ou=benutzer,dc=testdomain,dc=local
18.03.2017 12:44:46,302 LDAP (ERROR ): Unknown Exception during sync_to_ucs
18.03.2017 12:44:46,303 LDAP (ERROR ): Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1281, in sync_to_ucs
result = self.add_in_ucs(property_type, object, module, position)
File "/usr/lib/pymodules/python2.7/univention/connector/__init__.py", line 1135, in add_in_ucs
return ucs_object.create() and self._modifycustom_attributes(property_type, object, ucs_object, module, position)
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 305, in create
return self._create()
File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 759, in _create
self.lo.add(self.dn, al)
File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 382, in add
raise univention.admin.uexceptions.ldapError(err2str(msg), originalexception=msg)
ldapError: No such object
18.03.2017 12:44:46,303 LDAP (WARNING): sync to ucs was not successfull, save rejected
18.03.2017 12:44:46,303 LDAP (WARNING): object was: CN=Thomas Wagner (Admin),OU=Benutzer normal,OU=Benutzer,DC=testdomain,DC=local
Wir haben im alten Forum drei Ankündigungen geschaltet, eine am 03. März als Vorwarnung, eine am 14. März als die Migration losging und eine am 16. März als sie abgeschlossen war. Am 03. und am 16. März haben wir an alle Foren-User auch entsprechende E-Mails verschickt. In beiden E-Mails stand auch, dass wir die Passwort-Hashes nicht migrieren und man daher sein Passwort zurücksetzen muss.