Problem description
When any changes are made to the AD/LDAP structure and if the user(s) are moved out of a particular AD Group/Organization Unit for which AD/LDAP mapping is already available in inSync, the migrated user(s) remain active and do not get preserved.
This behavior is observed irrespective of the 'Auto-Preserve Unmapped Users' is enabled in the inSync AD/LDAP settings.
Cause
The following could be the possible causes:
AD Connector is in a disconnected state.
The migrated users were manually created in inSync Cloud and later synced with the Active Directory.
In the case of User Group, the user account might be a part of more than one group.
Resolution
Issues with inSync AD Connector
To resolve the issues with inSync AD Connector, refer AD Connector not connected.
Issues with manually created users
In this case, the 'Auto-Preserve Unmapped Users' setting will not work, as these users were not originally imported through AD.
Hence inSync's AD/LDAP settings for auto-preserving these users will not apply.
Refer to the following steps for a workaround
You can manually select such users from the "Users" page on the inSync Management Console and click on "Preserve" to preserve them.
If the issue still continues, contact Druva Support by submitting a ticket for further investigation.