Recently moved users are unable to authenticate with the Mobility server (FDN context change)

  • 7015590
  • 26-Aug-2014
  • 26-Aug-2014

Environment

Novell GroupWise Mobility Service
Novell Data Synchronizer Mobility Pack

Situation

Many users not able to connect to synchronizer
User has been moved in the Directory Service (FDN context has changed)
User is unable to sync mail, contacts, calendar with previously added devices
Recently moved users are unable to authenticate with the Mobility server
Can't add user account(s) to device(s) - Failed to verify account information
/var/log/datasync/connects/mobility-agent.log: Failed to Authenticate User

Resolution

If the authentication mode has been configured for LDAP, Mobility relies on the user's FDN to authenticate the user. If the user has been moved or relocated in the directory service, authentication fails because Mobility still relies on the old context.

The steps to resolve this issue differ depending on whether the user was added to the Mobility server as part of a group or individually:

  • If the user was added as part of a group (group icon to the left of the user in WebAdmin | Users):
    See Updating a Group of Users in Your Mobility System.
    Note: This synchronization should happen automatically in the background from time to time. Technically, the old user is removed (in WebAdmin | Users, ~userid is displayed as deleting), while the new userid in the new context is added simultaneously.

  • If the user was added individually (no group icon to the left of the user in WebAdmin | Users):
    • (option A) Re-initialize the user from WebAdmin. See Reinitializing a User.
    • (option B) Create an alias for the user in the old context. Then restart gms.
      Note: If authentication still fails, the LDAP server may need to be configured to de-reference alias objects (properties of the LDAP server object | General tab). See Understanding and Using NDS Alias Objects for further details.
    • (option C) Move the user back to the old context and then restart gms.

Cause

The Mobility server is authenticating the user(s) against an old context that no longer exists in the directory service.
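To find every affected account before users report failures, the FDNs Mobility holds can be compared with the FDNs currently in the directory. The following is an added example, not Novell code: it assumes the administrator has exported both lists as plain DN strings (the sample DNs are constructed), and it matches users on their leftmost RDN, which is only reliable where that name is unique in the tree.

```python
import re
from collections import defaultdict

def parse_dn(dn):
    """Split a DN into (leftmost RDN, context), normalized; honors '\\,' escapes."""
    parts = [p.strip().lower() for p in re.split(r'(?<!\\),', dn) if p.strip()]
    norm = [re.sub(r'\s*=\s*', '=', p, count=1) for p in parts]
    return norm[0], ",".join(norm[1:])

def find_moved_users(stored_dns, directory_dns):
    """Classify each DN Mobility holds as ok / moved / missing / ambiguous."""
    current = defaultdict(set)          # RDN -> contexts where it exists now
    for dn in directory_dns:
        rdn, ctx = parse_dn(dn)
        current[rdn].add(ctx)
    report = {}
    for dn in stored_dns:
        rdn, ctx = parse_dn(dn)
        contexts = current.get(rdn, set())
        if ctx in contexts:
            report[dn] = ("ok", None)                      # FDN still valid
        elif not contexts:
            report[dn] = ("missing", None)                 # deleted or renamed
        elif len(contexts) == 1:
            report[dn] = ("moved", next(iter(contexts)))   # context changed
        else:
            report[dn] = ("ambiguous", sorted(contexts))   # needs manual review
    return report

# Constructed sample data: DNs as Mobility holds them vs. a current directory export.
STORED = [
    "cn=jdoe,ou=sales,o=acme",
    "cn=asmith,ou=hr,o=acme",
    "CN=bjones, OU=it, O=acme",
    "cn=tlee,ou=sales,o=acme",
]
DIRECTORY = [
    "cn=jdoe,ou=marketing,o=acme",
    "cn=asmith,ou=hr,o=acme",
    "cn=bjones,ou=it,o=acme",
    "cn=mkim,ou=it,o=acme",
]

if __name__ == "__main__":
    for dn, (status, detail) in find_moved_users(STORED, DIRECTORY).items():
        print(f"{status:9} {dn}" + (f" -> {detail}" if detail else ""))
```

Accounts reported as moved are the candidates for the resolution options above; ambiguous and missing entries need to be checked by hand in the directory.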