Thanks for explanation, after it and reading the following posts I think I understand your problem.
At the moment I have no connection to a samba ad, but I think you can manage it also from a windows client with rsat tools. For Microsoft AD it works with the next steps:
- click on the user with the right mouse button
- click on prperties
- click on attribute editor
- search for
isCriticalSystemObject
and change the value to true
For the next time please think of giving us some more informations in your question. Then more informations we have, then more we can help. And please try to explain your problem for people who are not specialised for this theme, so more people can try to help. In my opinion much sysadmins are allrounder, but they have to read a little bit for understanding themes they are not specialised for. If you want us to help, we have to understand your problem, to know what we are searching for.