Interesting AD situation, bringing dinosaur AD back online

So I returned to an old site after a few years; it is actually a split site over multiple countries.
Noticed the non-master AD server was off… and turned it back on.

Seems it had been off for about a year…, first thing was:

  1. it’s out of date 2.4, so started on update to latest before postgres update
  2. seeing :

24.06.2020 09:29:42,65 LDAP (PROCESS): sync to ucs: Resync rejected dn: CN=j.smith,OU=NZ1 Office,DC=gp01,DC=org,DC=beetle,DC=com
24.06.2020 09:29:42,81 LDAP (PROCESS): sync to ucs: [ user] [ modify] uid=j.smith,ou=NZ1 office,dc=mirror-gp01,dc=org,dc=beetle,dc=com
24.06.2020 09:29:42,417 LDAP (ERROR ): Unknown Exception during sync_to_ucs
24.06.2020 09:29:42,417 LDAP (ERROR ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/connector/", line 1357, in sync_to_ucs
    result = self.modify_in_ucs(property_type, object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/connector/", line 1194, in modify_in_ucs
    return ucs_object.modify() and self.__modify_custom_attributes(property_type, object, ucs_object, module, position)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/", line 1663, in modify
    return super(object, self).modify(*args, **kwargs)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/", line 419, in modify
    dn = self._modify(modify_childs, ignore_license=ignore_license, response=response)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/", line 1067, in _modify
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/users/", line 2015, in _ldap_pre_modify
    raise univention.admin.uexceptions.uidAlreadyUsed(': %s' % username)
uidAlreadyUsed: : j.smith

  3. also some users are claiming their access rights & pw have changed

A. How to deal with sync errors safely?
B. How can a non-master with older records impact a more up-to-date server? Surely there is a time check?