This is only a problem with the Active Directory Security System and Axon Ivy 10. But also with Axon Ivy 8.0, it is better to configure the Default Context correctly.
Here is an example
If the Active Directory has the following configuration:
Import Users Of Group: CN=Ivy-Users,OU=Roles,OU=Department,DC=company,DC=ch
And this should import the following user:
user1, External Name: CN=user1,OU=Users,OU=Department,DC=company,DC=ch
Then the correct Default Context value would be one of:
DC=company,DC=ch
or
OU=Department,DC=company,DC=ch
But we see often OU=Roles,OU=Department,DC=company,DC=ch
which is NOT correct because the imported User is not inside of this Context because the users are here: OU=Users,OU=Department,DC=company,DC=ch
Outcome
If you migrate to Axon Ivy 10 and your Default Context configuration is not correct (Default Context does not contain (all) the users), your users will get disabled and they cannot log in anymore.
Advice
Please check your Default Context configuration in existing Active Directory Security systems and correct it even if you are running an Axon Ivy Version below 10.0. It may cause trouble even there.