@Andreas Thank you for reaching out to us, As I understand you are trying to investigate the Azure AD Connect warnings after migration, during the delta import sync cycle, you get this error/warning - exported-change-not-reimported on further checking you notice this warning is related to msds-keycredentiallink attribute.
"exported-change-not-reimported" means the imported object's attributes don't match with the object attribute set when it was last exported.
The msDS-keycredentiallink attribute is being written by AAD Connect then something is removing it before next cycle re-imports the value.
To fix these permissions, use Active Directory Users and Computers to grant Read/Write permissions over the msDs-KeyCredentialslLink to the sync account used by Azure AD Connect in domain that is synched.
The permissions should be set at the top of each domain and apply to Descendant User Object:
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.