API tokens and AD user purges

So I was just made aware of an API issue for one of our users. This user generally does not log into the UI but had, just to take a look at what was available, so they showed up in the list for API users when I generated him a token. Since then he has not logged back in to the UI, and after 30 days his account got purged and his API token no longer works.

So is there a way to keep the API token active without either disabling the AD purge (a big no from our security folks) or having the user log in to the UI at least once a month? My ultimate goal would be to not have individual users have API tokens but to have a single AD service account with a token associated to it, but I’d end up with the same problem of having to log into the UI monthly as that account.

Would creating a local account, creating the API key, then deleting the password work?

Either that or get a system AD account and write a quick automated login script to run once a week?

Can’t create a local account when it’s set up for AD authentication, otherwise I’d probably do that. The AD service account is an option, but I’m hoping to be able to avoid the auto login script.

Hi, does this have any solution?