DNS and Active Directory User Store connection with Policy Server


Article ID: 373484


Updated On:

Products

SITEMINDER

Issue/Introduction


When a User Directory is configured on the Policy Server with the FQDN example.com, the DNS server resolves that FQDN to 10 IP addresses, and some of those addresses cannot be reached by the Policy Server.

Can the Policy Server discard the connections to the unreachable User Stores and use the other IP addresses that the name resolves to?


Resolution


No. The Policy Server cannot automatically and immediately switch to another IP address.

The behaviour is outside the SiteMinder Policy Server: it is governed entirely by DNS resolution.

When the Policy Server resolves example.com and receives an IP address it cannot connect to, it keeps using that same address until the DNS TTL (time to live) expires.

Only then does it resolve example.com again.

In the best case, the DNS server returns an address that is reachable. In the worst case, it returns another address that is unreachable.

The most reliable (and performant) configuration is therefore the User Directory load balancing or failover configuration, listing the individual Active Directory (AD) instance IP addresses rather than the FQDN (1).
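The pre-check a practitioner would run before filling in that failover or load-balancing list is to resolve the FQDN, probe every returned address on the LDAP port, and keep only the reachable ones. The script below is an added example, not code from this article or from SiteMinder. It assumes an IPv4-only AD deployment on port 636 (LDAPS), the hypothetical FQDN example.com, and the Server value syntax (a space between failover entries, a comma between load-balanced entries) as recalled from the SiteMinder documentation; verify that syntax against your Policy Server version. With no argument it runs offline against a constructed sample set; with an FQDN argument it resolves and probes the real addresses.

```python
"""
Pre-check for a SiteMinder User Directory that points at Active Directory.

Resolves the FQDN the way the Policy Server's resolver would, probes each
address on the LDAP port, and prints the explicit Server value to use instead
of the FQDN. Added example; the Server value syntax is an assumption.
"""
import socket
import sys
from typing import Callable, Iterable, List, Tuple

PROBE_TIMEOUT_SECONDS = 3.0  # an unreachable address must not stall the sweep

# Constructed sample (not real hosts) used when no FQDN is given, so the
# script runs offline: three addresses behind the name, one firewalled off.
SAMPLE_ADDRS = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]
SAMPLE_BLOCKED = {"10.0.0.12"}


def sample_probe(addr: str, port: int) -> bool:
    """Stand-in for tcp_probe over the constructed sample."""
    return addr not in SAMPLE_BLOCKED


def resolve_ipv4(fqdn: str) -> List[str]:
    """Return the unique IPv4 addresses the FQDN resolves to, in resolver order."""
    infos = socket.getaddrinfo(fqdn, None, family=socket.AF_INET,
                               proto=socket.IPPROTO_TCP)
    addrs: List[str] = []
    for info in infos:
        addr = info[4][0]
        if addr not in addrs:
            addrs.append(addr)
    return addrs


def tcp_probe(addr: str, port: int,
              timeout: float = PROBE_TIMEOUT_SECONDS) -> bool:
    """True if a TCP handshake to addr:port completes within the timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(addrs: Iterable[str], port: int,
             probe: Callable[[str, int], bool] = tcp_probe
             ) -> Tuple[List[str], List[str]]:
    """Split addresses into (reachable, unreachable) using the probe function."""
    reachable: List[str] = []
    unreachable: List[str] = []
    for addr in addrs:
        (reachable if probe(addr, port) else unreachable).append(addr)
    return reachable, unreachable


def server_list(addrs: Iterable[str], port: int, mode: str) -> str:
    """Build the User Directory Server value from explicit addresses.

    Assumed SiteMinder syntax: failover entries separated by a space,
    load-balanced entries separated by a comma.
    """
    entries = [f"{addr}:{port}" for addr in addrs]
    if not entries:
        raise ValueError("no reachable addresses to list")
    if mode == "failover":
        return " ".join(entries)
    if mode == "loadbalance":
        return ",".join(entries)
    raise ValueError(f"unknown mode {mode!r}")


def main(argv: List[str]) -> int:
    port = int(argv[2]) if len(argv) > 2 else 636  # LDAPS, assumed
    if len(argv) > 1:
        fqdn = argv[1]
        reachable, unreachable = classify(resolve_ipv4(fqdn), port)
    else:
        fqdn = "example.com (constructed sample)"
        reachable, unreachable = classify(SAMPLE_ADDRS, port, probe=sample_probe)
    print(f"{fqdn}: {len(reachable) + len(unreachable)} address(es)")
    for addr in reachable:
        print(f"  reachable   {addr}:{port}")
    for addr in unreachable:
        print(f"  UNREACHABLE {addr}:{port}")
    if not reachable:
        print("no reachable address; fix network/DNS before configuring SiteMinder")
        return 1
    print("failover Server value:      ", server_list(reachable, port, "failover"))
    print("load-balancing Server value:", server_list(reachable, port, "loadbalance"))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python precheck.py ad.example.com 636` from the Policy Server host itself, since reachability is what that host's network path allows, not what a workstation sees. Addresses that fail the probe are exactly the ones the Policy Server would otherwise sit on until the DNS TTL expires.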


Additional Information