1. There are two users in the remote LDAP AD server.
2. Manually add 'twtac2' in GUI under Remote Users -> Import.

3. Manually Sync 'twtac1' user from GUI under Remote User Synced Rules:

4. There are now two users in Remote Users:

• twtac1: Remote User Sync Rules -> Manual Sync.
• twtac2: Remote Users -> Import.

5. After removing 'the twtac2' user from Windows AD and performing Remote User Sync Rules -> Manual Sync, 'twtac2' still exists on Remote Users:

In conclusion, Remote User Sync Rules -> Manual Sync will not sync the user manually imported by Remote Users -> Import.

It is not possible to discern manually imported users from automatically imported users. Only the logs can tell. To find out, search for the user name in the logs and see how that user was imported.

For example:

Manually imported user:

date=2024-05-13 time=07:25:45+0000 oid=841 logid=10203 cat="Event" subcat="Admin Configuration" level="information" nas="" action="" status="" msg="Imported remote user "user01" from remote LDAP server "DC01 (192.168.95.16)"" user="admin"

Using remote user sync rules:

date=2024-05-13 time=07:35:11+0000 oid=1526 logid=10001 cat="Event" subcat="Admin Configuration" level="information" nas="" action="Add" status="" msg="Added Remote LDAP User: user02" user="" 

Note: If a user is manually imported, they are excluded from sync rule management, even if they meet the sync rule criteria. This means that if the user is later deleted from the LDAP server, they will not be removed from the FortiAuthenticator, as they are not managed by the sync rule. Therefore, avoid manual import of the user that should have been imported with the help of the user sync rule to avoid the conflict.