The Access Role in SmartDashboard contains a different DN (Distinguished Name) for the user than the DN that the user has after the move of the user's OU.
The Access Role contains the DN that the user had when the user was first added to the Access Role.
After the move of the user's OU, the access Role is not updated automatically. Searching the Account Unit shows the new DN of the user, but it must be changed manually in the Access Role.
This behavior is by design. The Management server does not keep a constant connection with all Domain Controllers to receive an update to the OU of a user, regarding any user group change on the AD server.