Windchill - Disconnected Principal

Over the last year we have been working on re-structuring our Corp LDAP, e.g. DN names, groups, etc.. In addition when individual are nolonger with the organization and their LDAP account is disabled or deleted from the Corp LDAP. We have seen and defined specific situaltion all requiring different resolution process by either correcting with SQL scripts or using the admin utilities maintenance UI. In some cases Windchill UI functionality does not work so SQL scripts are the only method or the amount of effort required to use the UI is not efficient so scripts are used. In addition updating disconnected principals WTgroups only can be achieved via the maintenance UI.

When disconnected principals exist in the system two scenarios occur, 1- disconnected WTusers cause PDM to slow if users are part of a workflow and can cause PDM to stop responding or 2 - disconnected WTgroups will present users attempting to access the system with an error and PDM is not accessible. When either of these occur the systems user across the organization can not access PDM, thus an enterprise down situation occurs, not fun!

Does anyone have input this issue on how you have addressed this internal to your organization?

Does anyone have white paper type information on this issues and/or principal interface between Active Directory and WindchillDS or Aphelion?

FYI in the last 2 days I have tested or dealt with this issue on both a PDM 9.0 M060 Productin Server environment and a PDM 9.1 PDM M040 Development server and they both respond exactly the same so no changes or improvements have been made moving to WindchillDS or PDM 9.1, but I could be no informed also. Any input would be appreciated, thanks.