As I noticed during my further analysis the krbtgt user account is missing in LDAP/UCS. The solution presented in How to deal with s4-connector rejects requires the destination to exist, while the solution in Problem: Remove S4 Connector Rejects Which Does Not Exist in LDAP expects the source to be expendable. I have the situation that my krbtgt account isn’t expendable. I want it synced to the LDAP.
What’s the best approach? Create it manually?