Change account definition of AD account

I have different account definition for internal and external persons, it gives AD account to same AD. In case of change from external to internal, I would like to keep the same AD account. So my question is how I can change the account definition in the AD account? So it does not delete the old AD account when person has another account definition.

I have tried to do it in process in two ways:

1) HandleObjectComponent - Update but it said that  Write permission denied for value "UID_TSBAccountDef".

2) in process step update with SQL, but it is not working everytime, I think it would be better if the change is done in object layer, not directly to DB with SQL