A user was recently moved to a different LDAP group, but when the LDAP refresh runs, the user is not removed in PAM. The LDAP refresh reports as successful, but the user still remains in the GUI.

When trying to manually update the user in the PAM GUI, the following error occurs.

PAM-CMN-0155: User ____ was not updated.

Privileged Access Manager, all versions

This can occur if the user is defined in specific roles like a PVP (password view policy) or if there was an issue removing the user name from some tables in the database.

Remove the user from the other defined location (PVP, email on login, etc.) and rerun the LDAP refresh. In some cases you may need to open a support ticket to have a support engineer manually update the database.