I assume from your scenario you are using access roles and then adding the users from AD into the access roles? Which in turn you are using in your rules.
If so I believe that the user is referenced by its DN within the access role.
So based on this you would need to modify the access role with the account once it's been moved.
One way around this would be to use AD groups and then add the users to the AD groups, then use the group within the access role. It would still be susceptible to the same issue of moving groups, but I assume that activity would be far less than moving users.
If I am way off with the above, if you could provide further information on your setup please?