Both issues *may* be explained by the same thing. You may have multiple AD Sync groups and you have added the exclusion to one of the groups but not the other. Similarly if you have one of the AD Sync groups set to "Move systems from their current System Tree location to the synchronized group" it will move the machine from whatever directory it resides in to one that matches the AD Sync group. You could also have it set to "Delete the systems from the System Tree".
The easiest way to tell if you have multiple AD Sync groups defined is to define a new server task for AD Sync (or modify your existing one) and select "Selected synchronized groups" then click the "Select Synchronized Groups" button and all your AD Sync Groups will be displayed.
Jeremy, thanks for your reply.
But my synchronisation setting is set to Leave Systems ..... I did this for the same reason you mentioned.
I synchronise just one group but I decided to rebuild my System Tree.
I now created an extra group under My Organization and then let the Server Task synchronise with the new group.
I made a mistake by syncing with the My Organization group. This old sync removes offcourse my self created groups.
With the new sync in place I can create new groups without being thrown away.
But 1 issue remains. The Default Migration Container OU is still being synchronised while being in the exceptions list.
Any other ideas?
Problem Solved. Why I don't know but syncing the AD groups is working fine.