The cn in AD has been updated for all user objects from a format "surname,forename" to "username" and is causing issues with group membership changes.
We collect the user object DNs into our identity data and then link our identities back to AD user and group objects using the DNs. Following the change to the DNs within AD the identities and group memberships show the DNs as expected but the memberships now don't update.
If I check the Raw data for the ADC it clearly shows that one group membership is missing as expected but when you view an identities access the membership has not changed.
There are no errors so I'm at a bit of a loss where to start troubleshooting
Any help would be greatly appreciated
Is this version 7.0 or higher? There could probably be a bug with delta processing. You can try to run the collector once after setting it to full refresh. See below thread for instructions to set a collector to full refresh
Entitlement collector does not "nullify" previously collected data