A problem has been occurring with ldap participant users. One day they can not login, we check their account and we see 2 duplicate copies, both unlicensed. We click the green sync button and the duplicate goes away (even though it syncs every day). Then we put the license back on the user.

IT moves users to different OU's, but all OU's are part of the base distinguished name (of course since otherwise they would disappear)

Anyone else ever ran into this, seems like a problem with LDAP and something to do with the way OU's are managed.

Also the account appears to actually duplicate each time. Where the when the license is assigned any tasks assigned to them need to be re-assign to them (same exact name and username). We also know that normally you can't re-assign to the same account, so it really is a duplicate.