Hi! We have an AD integrated with ISC. For some reasons not related to IAM (mostly domain configurations), the client needs to keep moving accounts between AD OUs directly on AD (it does not happen very often, but it happens).
The problem is that, as the AD connector uses the DN as its key, after an aggregation the account in the old OU is taken as removed, and the account in the new OU as created. This ends in some other problems (for example, failed add entitlements events begin to happen when ISC tries to grant some entitlement to the “old” account).
Is there some known workaround for this, that is, to let accounts be moved directly on AD without impact on ISC?