Error -6090 moving a previously provisioned DSFW user

A provisioned DSFW user was moved out of the domain, the gidNumber and primaryGroupID where changed to something other than that of the Domain Users group, DSFW removed then re-installed back into the tree, and then the user was moved back into the domain.
A 6090 error has been reported in this very rare situations.

The provision.log shows the following:

ldap_modify: Server is unwilling to perform (53)
additional info: NDS error: Security Accounts Manager validation failed (-6090)
Could not samify the user objects at /opt/novell/xad/lib/perl/XAD/secure.pm line 372.
 at /opt/novell/xad/lib/perl/Logger.pm line 119
Logger::_err('Could not samify the user objects at /opt/novell/xad/lib/perl...') called at /opt/novell/xad/lib/perl/Logger.pm line 202
Logger::Log(0, 'Could not samify the user objects at /opt/novell/xad/lib/perl...') called at /opt/novell/xad/lib/perl/XAD/secure.pm line 376
secure::samify_user_objects('frd_install=HASH(0x8167888)') called at /opt/novell/xad/share/dcinit/provision/provision_samify.pl line 44

In iManager go to the user in question.  In the General tab click on the "other" tab.

Edit the primaryGroupID and change the value to 513.
Edit the gidNumber and change the value to 1049089.

Click apply and move the user.