LDAP Binder user causes DAS issues when it is a normal domain user
I have come across an issue where incorrect capabilities for the LDAP Binder user may cause DAS sync issues.
The LDAP Binder user needs to have "read access to all users objects". This usually means they must be a member of Domain Admins in AD. If they are not, then new users will be added to the IAP, but deletions from AD will not be propagated to the IAP.
In this case we need to check whether the Binder user for the LDAP connection has sufficient rights.
In Active Directory, look up the Binder user, open its Properties, select the "Member Of" tab, and correct the group membership. This should help.
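
The same membership check can be scripted instead of read from the "Member Of" tab. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the account name `svc-ldap-binder` is a hypothetical placeholder for your Binder user.

```powershell
# Added example: report the Binder account's effective group membership.
Import-Module ActiveDirectory

function Test-BinderMembership {
    param(
        # Hypothetical placeholder: pass the sAMAccountName of your Binder user.
        [Parameter(Mandatory)] [string] $BinderSamAccountName
    )

    $user = Get-ADUser -Identity $BinderSamAccountName `
                       -Properties Enabled, PrimaryGroupID

    # Domain Admins always has RID 512, so match on the SID rather than
    # the name (the group can be renamed or localized).
    $domainAdminsSid = "$((Get-ADDomain).DomainSID.Value)-512"

    # Escape characters that are special inside an LDAP filter value.
    $dn = $user.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                  -replace '\(', '\28' -replace '\)', '\29'

    # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) returns direct
    # AND nested groups, which the "Member Of" tab does not show.
    $groups = @(Get-ADGroup -LDAPFilter "(member:1.2.840.113556.1.4.1941:=$dn)")

    # The primary group is not stored in memberOf, so check it separately.
    $viaGroups  = [bool]($groups | Where-Object { $_.SID.Value -eq $domainAdminsSid })
    $viaPrimary = ($user.PrimaryGroupID -eq 512)

    [pscustomobject]@{
        Binder         = $user.SamAccountName
        Enabled        = $user.Enabled
        Groups         = $groups.Name | Sort-Object
        InDomainAdmins = ($viaGroups -or $viaPrimary)
    }
}

Test-BinderMembership -BinderSamAccountName 'svc-ldap-binder' | Format-List
```

If `InDomainAdmins` is `False`, the account matches the condition described above in which deletions from AD are not propagated to the IAP.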