By catching packets ,we can see the AD server also works as a mail server ,and some user accounts’ OU specially for
Mail server cannot be supported by Firewall ,causing the user import fail.
We can see the user account is :CN=HealthMailboxc33a3a44d8d28d419c82b82799ca7250bc,CN=Moniotoring Mailboxes,
CN=Microsoft Exchange System Objects, DC=CLIF,DC=CORP, It belongs to mail server account on AD and USG don't support it.
Because the OU can be imported successfully ,on the firewall there are two OU already imported “Microsoft exchange security group “and “clif-itapoa”