diff --git a/services/univention-ad-connector/modules/univention/connector/ad/__init__.py b/services/univention-ad-connector/modules/univention/connector/ad/__init__.py
index 0237c85905..ce1691cd8d 100644
--- a/services/univention-ad-connector/modules/univention/connector/ad/__init__.py
+++ b/services/univention-ad-connector/modules/univention/connector/ad/__init__.py
@@ -50,12 +50,13 @@ import univention.debug2 as ud
 from ldap.controls import LDAPControl
 from ldap.controls import SimplePagedResultsControl
 from ldap.filter import escape_filter_chars
-from samba.dcerpc import nbt
 from samba.param import LoadParm
 from samba.net import Net
 from samba.credentials import Credentials, DONT_USE_KERBEROS
 from samba import drs_utils
-from samba.dcerpc import drsuapi, lsa, security
+from samba.dcerpc import drsuapi, lsa, nbt
+import samba.dcerpc.security
+import samba.dcerpc.misc
 import samba.dcerpc.samr
 from tempfile import NamedTemporaryFile
@@ -964,8 +965,48 @@ class ad(univention.connector.ucs):
 repl_creds.set_username(self.ad_ldap_bind_username)
 repl_creds.set_password(self.lo_ad.bindpw)
- binding_options = "seal,print"
- self.drs, self.drsuapi_handle, bind_supported_extensions = drs_utils.drsuapi_connect(self.ad_ldap_host, lp, repl_creds)
+ binding_options = "seal"
+ # self.drs, self.drsuapi_handle, bind_supported_extensions = drs_utils.drsuapi_connect(self.ad_ldap_host, lp, repl_creds)
+ ## Code from drs_utils.py adjusted to match repo_epoch of server
+ binding_string = "ncacn_ip_tcp:%s[%s]" % (self.ad_ldap_host, binding_options)
+ self.drs = drsuapi.drsuapi(binding_string, lp, repl_creds)
+
+ bind_info = drsuapi.DsBindInfoCtr()
+ bind_info.length = 28
+ bind_info.info = drsuapi.DsBindInfo28()
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_BASE
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
+ bind_info.info.supported_extensions |= drsuapi.DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
+ (info, self.drsuapi_handle) = self.drs.DsBind(samba.dcerpc.misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
+ if info.info.repl_epoch != bind_info.info.repl_epoch:
+ ud.debug(ud.LDAP, ud.PROCESS, 'Adjusting to AD Replication Epoch: %s' % info.info.repl_epoch)
+ bind_info.info.repl_epoch = info.info.repl_epoch
+ (info, self.drsuapi_handle) = self.drs.DsBind(samba.dcerpc.misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID), bind_info)
 dcinfo = drsuapi.DsGetDCInfoRequest1()
 dcinfo.level = 1
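Review bot: The epoch re-bind at the end of the added block overwrites `self.drsuapi_handle` without releasing the handle returned by the first `DsBind`, and it never checks that the second reply actually carries the requested `repl_epoch`, so a server that still disagrees is used silently; release the first handle with `self.drs.DsUnbind(self.drsuapi_handle)` before the second `DsBind`, and follow that call with `if info.info.repl_epoch != bind_info.info.repl_epoch: raise Exception('DRS bind to %s: replication epoch mismatch' % self.ad_ldap_host)` (or the connector's own error type). Inlining `drs_utils.drsuapi_connect` also changes what callers see on failure — as far as I recall the library wraps bind errors in its own exception type with the server name, while this copy lets raw RPC errors through, so the call sites that handle a failed connect should be checked — and it leaves the old call behind as a dead comment; the `## Code from drs_utils.py` comment should say `repl_epoch` rather than `repo_epoch` and name the Samba version it was copied from so the copy can be kept in sync. Keeping `"seal"` on the `ncacn_ip_tcp` binding is the right choice, since this channel carries replicated directory data and the dropped `print` only added packet tracing. The enclosing method starts and ends outside the hunk.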
@@ -999,12 +1040,12 @@ class ad(univention.connector.ucs):
 binding = "ncacn_np:%s[%s]" % (self.ad_ldap_host, binding_options)
 self.samr = samba.dcerpc.samr.samr(binding, lp, creds)
- handle = self.samr.Connect2(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
+ handle = self.samr.Connect2(None, samba.dcerpc.security.SEC_FLAG_MAXIMUM_ALLOWED)
 sam_domain = lsa.String()
 sam_domain.string = self.ad_netbios_domainname
 sid = self.samr.LookupDomain(handle, sam_domain)
- self.dom_handle = self.samr.OpenDomain(handle, security.SEC_FLAG_MAXIMUM_ALLOWED, sid)
+ self.dom_handle = self.samr.OpenDomain(handle, samba.dcerpc.security.SEC_FLAG_MAXIMUM_ALLOWED, sid)
 def get_kerberos_ticket(self):
 p1 = subprocess.Popen(['kdestroy',], close_fds=True)