We have a fairly small ZCM deployment that'a been running fine for a year , recently we decided to do some testing on our AD policies unrelated to ZCM 11...

Created a new ou called "test"

Created a sub ou called Test Users

populated it with 5 users from elsewhere in the domain. All 5 of these users now cannot login to ZCM seemlessly or via the client. Any other user on the same pc logs in properly with no issue. We defined the ROOT of the AD as the user source for ZCM and can look the users up in the ZCM console. When you try to add the new ou as a user sources it errors out with "Unable to add new context because this container or a parent container has already been added as a user context"

any ideas on what is wrong here?

thanks in advance!