Haven't updated this tread.
As we've finally "solved" / worked around it.
It looks like its a combination of two things.
AD max-precache settings and the limits.conf
We decided to create multiple AD groups (where the limit of total account is set to 1500 users, as this is the domain setting).
With this setting we've managed to bypass the limit error and onboarded more then 10k of splunk users.