ADSSP cannot identify if user account is moved from one OU to another
ADSSP provides a good feature of Restricting user accounts that are in specific OUs. The schedule scan works fine. But there are situations, an account that was placed in the Restricted OU is moved to another OU which isn't set as restricted in ADSSP. this should hence be identified by ADSSP during the scheduled time for Users & OUs sync hour and thus allow the user account which has been moved out of the restricted OU to be able to use and access the ADSSP functions.
However, this functionality is currently missing in ADSSP. This results in multiple unnecessary tickets being generated and sent over to the 1st level support which in turn also leads to the 1st level support team to manually unrestrict these previously and still block accounts.
#ManageEngine team, please consider this and add this functionality to the earliest build release