This article will address moving Active Directory (AD) Sourced Okta Users to a new AD Organizational Unit (OU) within AD and Import scenarios.

• Directories
• Active Directory
• Imports To Okta

When users are imported from Active Directory to Okta, and the users are moved from one AD OU to another, one of the following will occur during the next import:

• No change will occur to the user's activation status if the OU is selected in the AD integration in Okta.
  • The user's appuser profile attribute appUser.dn (distinguishedName) will be updated to reflect the new OU.

• If the OU is NOT selected, the Profile and Lifecycle settings defined in the provisioning configuration will apply, either deactivating the user, suspending the user, or just removing the user from the AD integration if a Full import or Just-in-time Provisioning occurs. An incremental import will not pick up on this change. See How does Okta handle users and groups that are moved to an out-of-scope OU? for more information

 
 

Related References

• How does Okta handle users and groups that are moved to an out-of-scope OU?