We noticed in the system log, that 2 accounts were deleted by user __xcd_local__. 

Could you kindly confirm this is the system account used to deleted inactive users. Below is the setting for Accounts of the Global settings below for reference to indicate that there is indeed an expiry set.

Release : 3.4.x

Component : PRIVILEGED ACCESS MANAGEMENT

The __xcd_local__ is a special user that is defined internally in CA PAM to take care of the housekeeping activities apart from other tasks such as mounting the session recording location, deleting inactive users, etc.,

The user __xcd_local__ is a special user in the CA PAM database, that is responsible for multiple internal tasks that are run with respect to the Credential Manager and other tasks.

This is a correct entry in the session logs when the user who is inactive is being deleted.

The product is working as designed, __xcd_local__ is an internal user in CA PAM.