There are user objects with uid=join-backup and uid=join-slave on our UCS instances. These can be retrieved via ldapsearch and udm, but are not available in the UMC. What are they used for, or are these objects used at all? Would it be possible to check them for removability and remove them if not needed? Here is an output from my test primary node to get more clarity. dn: uid=join-backup,cn=users,dc=ucs5schoolhejne,dc=intranet krb5MaxLife: 86400 krb5MaxRenew: 604800 uid: join-backup uidNumber: 2003 sn: Joinuser gecos: Joinuser displayName: Joinuser homeDirectory: /dev/null loginShell: /bin/bash mailForwardCopyToSelf: 0 univentionObjectFlag: hidden cn: Joinuser krb5PrincipalName: join-backup@UCS5SCHOOLHEJNE.INTRANET krb5KDCFlags: 126 userPassword:: e2NyeXB0fSQ2JHczSndqV3RjeWpDT1lzcnIkWW91VVJtL1VwM2dpVnpFa2lrb0dBeFJ6SUZzWFJXWGZkY2VhSTJ3ZXNuMGtHVmZiSWdCbDREekNDN1hoNHJXSzVQL1kudlguQzZIS3NQbUdmcGdkeS8= krb5Key:: MEWhEzARoAMCAQGhCgQIxAF8LzGAVKiiLjAsoAMCAQOhJQQjVUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUam9pbi1iYWNrdXA= krb5Key:: MF2hKzApoAMCARKhIgQgk3VfSes25jeFfRVBjpiUmyqrkk3f4Idvvty5uvPDlrKiLjAsoAMCAQOhJQQjVUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUam9pbi1iYWNrdXA= krb5Key:: MEWhEzARoAMCAQOhCgQIxAF8LzGAVKiiLjAsoAMCAQOhJQQjVUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUam9pbi1iYWNrdXA= krb5Key:: MFWhIzAhoAMCARChGgQYrW5bio+hBP1rg8LxN2gvxICn1eWXAp6Aoi4wLKADAgEDoSUEI1VDUzVTQ0hPT0xIRUpORS5JTlRSQU5FVGpvaW4tYmFja3Vw krb5Key:: ME2hGzAZoAMCARehEgQQQsN5Loa4bkHW7XNH1jkBraIuMCygAwIBA6ElBCNVQ1M1U0NIT09MSEVKTkUuSU5UUkFORVRqb2luLWJhY2t1cA== krb5Key:: MEWhEzARoAMCAQKhCgQIxAF8LzGAVKiiLjAsoAMCAQOhJQQjVUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUam9pbi1iYWNrdXA= krb5Key:: ME2hGzAZoAMCARGhEgQQO4E/qBxgJH2gtT4UG/xWgaIuMCygAwIBA6ElBCNVQ1M1U0NIT09MSEVKTkUuSU5UUkFORVRqb2luLWJhY2t1cA== krb5KeyVersionNumber: 1 pwhistory:: ICQ2JHFNWTdNZnpBWkhVNDZDajEkMTI4UlBVZ3JRZVJwcmZGd3l1WUF5ZGNkQ0guUktFcmtWelh4eDhVYkZLSWd4YlRtWnVQS09wZWYzckhmYVJsLzBJdmI2RnBPR0RIMFlpZzI0UWVFYjE= sambaNTPassword: 42C3792E86B86E41D6ED7347D63901AD sambaPasswordHistory: 8C4AC36E2C6DA6EE429FD9195A7B6E946095A79D7B5BD611423073E773B47AF9 sambaPwdLastSet: 1656062038 sambaBadPasswordCount: 0 sambaBadPasswordTime: 0 sambaAcctFlags: [U ] objectClass: organizationalPerson objectClass: person objectClass: automount objectClass: univentionMail objectClass: posixAccount objectClass: shadowAccount objectClass: univentionPWHistory objectClass: krb5KDCEntry objectClass: top objectClass: univentionObject objectClass: sambaSamAccount objectClass: inetOrgPerson objectClass: krb5Principal sambaSID: S-1-5-21-1150003711-260972013-2878653590-5006 gidNumber: 5008 sambaPrimaryGroupSID: S-1-5-21-1150003711-260972013-2878653590-11017 univentionObjectType: users/user dn: uid=join-slave,cn=users,dc=ucs5schoolhejne,dc=intranet krb5MaxLife: 86400 krb5MaxRenew: 604800 uid: join-slave uidNumber: 2004 sn: Joinuser gecos: Joinuser displayName: Joinuser homeDirectory: /dev/null loginShell: /bin/bash mailForwardCopyToSelf: 0 univentionObjectFlag: hidden cn: Joinuser krb5PrincipalName: join-slave@UCS5SCHOOLHEJNE.INTRANET krb5KDCFlags: 126 userPassword:: e2NyeXB0fSQ2JE83UEhub0l1cmxHNk9xLnMkelFacy5wemdTbjhtNHh2ME9wcjZINE5lR2lxL1RJcldnSE1iSlNBR2gwc25WdDBXZ2VBcmJ4MTIyblFiRFlUZFBiMk5CNk5kQmw4ellyODdadEFVbi8= krb5Key:: MEShEzARoAMCAQGhCgQIhasLZBz0VwuiLTAroAMCAQOhJAQiVUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUam9pbi1zbGF2ZQ== krb5Key:: MFShIzAhoAMCARChGgQY7GenYtM7keomoh/W35fjTxqF3zKi+/uuoi0wK6ADAgEDoSQEIlVDUzVTQ0hPT0xIRUpORS5JTlRSQU5FVGpvaW4tc2xhdmU= krb5Key:: MEShEzARoAMCAQKhCgQIhasLZBz0VwuiLTAroAMCAQOhJAQiVUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUam9pbi1zbGF2ZQ== krb5Key:: MEyhGzAZoAMCARehEgQQO6hy/E0otOfCDUSvWuEg1qItMCugAwIBA6EkBCJVQ1M1U0NIT09MSEVKTkUuSU5UUkFORVRqb2luLXNsYXZl krb5Key:: MEyhGzAZoAMCARGhEgQQgvJbV2kACZ1v8ozQPSgWTKItMCugAwIBA6EkBCJVQ1M1U0NIT09MSEVKTkUuSU5UUkFORVRqb2luLXNsYXZl krb5Key:: MFyhKzApoAMCARKhIgQgDITzpHxID/dq1/GE2zaO9dc5ZEIHVi2EFKCZtZzz2vKiLTAroAMCAQOhJAQiVUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUam9pbi1zbGF2ZQ== krb5Key:: MEShEzARoAMCAQOhCgQIhasLZBz0VwuiLTAroAMCAQOhJAQiVUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUam9pbi1zbGF2ZQ== krb5KeyVersionNumber: 1 pwhistory:: ICQ2JENGREFLVnRqRmtMMjcyZ0EkODZDdk9vSFI0eERTNFlsZXR1c2lmVzFMQlY4QkdxV3pGbmo0WFhZR3BtYks5SDI5cHdzZDhSZXdDVXpoNTJNLi5GTWFQUi5kNGIxaGhHOEs5Z3JxczE= sambaNTPassword: 3BA872FC4D28B4E7C20D44AF5AE120D6 sambaPasswordHistory: 35E5FD5E88FD94608B4F7166301D6771616BCDD6AA4A506CC7034D354275CB61 sambaPwdLastSet: 1656062038 sambaBadPasswordCount: 0 sambaBadPasswordTime: 0 sambaAcctFlags: [U ] objectClass: organizationalPerson objectClass: person objectClass: automount objectClass: univentionMail objectClass: posixAccount objectClass: shadowAccount objectClass: univentionPWHistory objectClass: krb5KDCEntry objectClass: top objectClass: univentionObject objectClass: sambaSamAccount objectClass: inetOrgPerson objectClass: krb5Principal sambaSID: S-1-5-21-1150003711-260972013-2878653590-5008 gidNumber: 5009 sambaPrimaryGroupSID: S-1-5-21-1150003711-260972013-2878653590-11019 univentionObjectType: users/user
You can see them in UMC if you click in the search on "Include hidden objects". They seem to be required for something but are explicitly flagged as system objects and aren't counted in the license.