Rancher AD Authentication moved users


We have a Rancher 2.2 installation with AD Authentication.
When moving existing users within the AD to a new OU, Rancher could not look up the user anymore, as the principalId of the user is linked to the entire CN path, which is now invalid.

CN=Username,OU=My Users,CN=domain,CN=com

is changed to
CN=Username,OU=My New OU,CN=domain,CN=com

Re-adding the users is not working, as Rancher, due to a bug, is not deleting the old token (kubeconfig file), and the re-added user will get an invalid token for his config.

Is it possible in any way to edit the principalId of the User object within the Rancher installation?

I would appreciate any help with this issue!