One way to avoid this is to use the following option during join, from the AD join documentation.

Step 7 - (Optional) Check the Specify Organizational Unit checkbox.
You should check this checkbox in case the Cisco ISE node machine account is to be located in a specific Organizational Unit other than CN=Computers,DC=someDomain,DC=someTLD. Cisco ISE creates the machine account under the specified organizational unit or moves it to this location if the machine account already exists. If the organizational unit is not specified, Cisco ISE uses the default location. The value should be specified in full distinguished name (DN) format. The syntax must conform to the Microsoft guidelines. Special reserved characters, such as /'+,;=<> line feed, space, and carriage return must be escaped by a backslash (\). For example, OU=Cisco ISE\,US,OU=IT Servers,OU=Servers\, and Workstations,DC=someDomain,DC=someTLD. If the machine account is already created, you need not check this checkbox. You can also change the location of the machine account after you join to the Active Directory domain.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_01110.html?bookSearch=true#ID612

Now as for moving the machines after the fact, no issue. I can't find it in the documentation but I did just try it in the lab. No issues moving it after joining or with restarting the AD connector, all the lookups I performed passed fine. Another option if it makes you feel better about it.  You can create machine accounts in the OU you want prior to joining ISE to AD. Ex, manually create machine accounts in a server OU, join AD, ISE leaves them where they were created.