It seems this may not be the case - I ran the script, and it returned a single instance of the phrase "Unmanaged Accounts" and 1 instance of "SetUnmanagedAccounts" - both within the script that reduces this number. This is the script, which is the one that runs at 2 am every day.
(we do have the managedOUDN's defined, but I've redacted them for obvious reasons)
function GetUserSids($managedOuDNs, $allUnmanagedSids)
$searcher = New-Object "Softerra.Adaxes.Adsi.Search.DirectorySearcher" $NULL, $False
$searcher.SearchParameters.Filter = "(sAMAccountType=805306368)"
$searcher.SearchParameters.SearchScope = "ADS_SCOPE_SUBTREE"
$searcher.SearchParameters.PageSize = 500
$searcher.SearchParameters.ReferralChasing = "ADS_CHASE_REFERRALS_NEVER"
$searcher.SearchParameters.VirtualRoot = $True
$searcherResult = $searcher.ExecuteSearch()
foreach ($user in $searcherResult.FetchAll())
$userDN = New-Object "Softerra.Adaxes.LDAP.DN" $user.Properties["distinguishedName"].Value
$addToUnmanagedAccounts = $True
foreach ($ouDN in $managedOuDNs)
$addToUnmanagedAccounts = $False
$sidBytes = $user.Properties["objectSid"].Value
$sid = New-Object "Softerra.Adaxes.Adsi.Sid" @($sidBytes, 0)
$allUnmanagedSids.Add($sid.Value) | Out-Null
# Create an empty hash set for SIDs of Unmanaged Accounts
$allUnmanagedSids = New-Object "System.Collections.Generic.HashSet[String]"
# Get SIDs of all users who are not located under the managed OUs
GetUserSids $managedOuDNs $allUnmanagedSids
# Bind to the 'Configuration Set Settings' object
$configurationSetSettingsPath = $Context.GetWellKnownContainerPath("ConfigurationSetSettings")
$admConfigurationSetSettings = $Context.BindToObject($configurationSetSettingsPath)
# Update Unmanaged Accounts
If adaxes does not reset the unmanaged accounts number on occasion, there may be some other issue (perhaps some sort of corruption or an update) that has caused the number to revert to 497, and then the script failed to change the number?
It may be easier to mark this down as a one-off failure.