For reasons I can't get into here, the AD associated with my Authentication Manager appliance is being wiped clean of all non-service account users. Users will be re-provisioned with the same ID as before into the AD, albeit with different groups and permissions. When these users are removed from the AD, they will of course be subsequently deleted from RSA AM.
Is there any way to preserve the assigned SecurID token for each user so when it is recreated on the AD, their existing soft token still works, along with PIN, security questions, etc? Could I possibly break the connection to my AD temporarily, while accounts are recreated and then re-synchronize it along with the RSA AM?
Any ideas at all would be appreciated.