I have recently had a support case along these same lines:
I think the problem that we are running into is documented here:
https://communities.ca.com/docs/DOC-98228136
Bulk Load Limitations
Generate Unique User ID - Generates a unique identifier in both the corporate directory and the provisioning server userstore and endpoints.
Uniqueness and Policy Xpress
If the unique identifier uses a non-random business logic, the likelihood of generating a similar identifier is high during the onboarding process. One method is to generate the user identifier with sequential numbers appended to the end of the string, while considering the allowed maximum length of the string; then check uniqueness against the corporate directory.
Operation in memory may run in parallel and collide
During the bulk onboarding process, multiple accounts (1000) have unique identifiers generated. If there is no similarity between sequential IDs and the business logic used to generated the unique identifier, Policy Xpress generates a unique identifier as expected. If there is the possibility of a similar ID and/or a workflow process is to be introduced into the onboarding process, then a temporary database table is required to retain the generated unique identifier until the unique identifier has been committed to the corporate directory; otherwise the single uniqueness check against the corporate directory will not be sufficient. A secondary uniqueness checker is required against the temporary database table to ensure that no two IDs are used prior to being written to the corporate directory.
The resolution to that support case was to read a table that held the unique number, and 1 to it, then write to that table then continue with user creation.