Currently, any secondary (Non-default) AD accounts linked to identities are set as read-only links. This causes issues when admins make updates for the managed users which should apply for all linked accounts, such as when terminating users or even extending contractors. In order to avoid this, we need to make sure these linked accounts are no longer set as read only so they are not excluded from updates.
scenario in linked systems
systems/gad/account - default (this only got updated when there is changes on idm manage user)
systems/gad/account - daAccount
I am sorry to hear that you are experiencing issues syncing to the secondary account. Thank you for bringing this to our attention and for opening a ticket with our support team. I am pleased to inform you that an engineer is already working on setting up a replicated environment to resolve the issue. However, it appears that there may be some information pending that the engineer requested in the ticket regarding information provided by DSS.
Rest assured that we are taking note of your concern and will take the necessary steps to ensure that secondary AD accounts are included in all updates.
Also, we would greatly appreciate it if you could share the solution with the community once it becomes available. This could potentially benefit other members facing similar issues.
Many thanks and warm regards,