Traditionally PAM LDAP Groups are sync'd by the following setting in the UI:

PAM UI >> Configuration >> 3rd Party >> LDAP >> LDAP Domains.

Here once you select Update -> you have a setting called Update Interval, which should keep all users and groups updated.

Release : 3.1.x, 3.2.x, 3.3.x

Component : PRIVILEGED ACCESS MANAGEMENT

We cannot automatically delete an LDAP user if they have a:

1. Password View Policy, which they are either listed as the "Dual Authorization/Retrospective Approval" or within the "Email Notification" section of it.
2. Defined a custom report under PAM UI >> Sessions >> Logs >> Reports >> Managed Reports.

If either of these scenarios happen, we cannot delete that LDAP user and/or the LDAP Group they are apart of.

Please remove that user from the PVP and/or remove the custom report.

Note: if you cannot determine this information, please open up a support case and we can SSH into the backend of the server and take a look at the uag.custom_reports table for more detailed information.