[Freeipa-devel] IPA 3.0 migrated to 4.1 users break winsync agreement when deleted in active directory

[Andreas Calminder]

Hi,
I've asked in #freeipa on freenode but to no avail, figured I'll ask 
here as well, since I think I've actually hit a bug or (quite) possibly 
I've done something moronic configuration/migration -wise.

I've got an existing FreeIPA 3.0.0 environment running with a fully 
functioning winsync agreement and passsync service with the windows 
environments active directory, I'm trying to migrate the 3.0.0 
environments users into a freshly installed 4.1 (rhel7) environment, 
after migration I setup a winsync agreement and make it bi-directional  
(one-way sync from windows) everything seems to be working alright until 
I delete a migrated user from the Active Directory, after the winsync 
picks up on the change it'll break and suggests a re-initialize. After 
the re-initialization the agreement seems to be fine, however the 
deleted user are still present in the ipa 4.1 environment and cannot be 
deleted. The webgui and ipa cli says: ipauser1: user not found. ipa 
user-find ipauser1 finds the user and it's visible in the ui.

Anyone had the same problem or anything similar or any pointers on where 
to start looking?

Regards,
Andreas