AppControlAD-TIMESTAMP.log results show the EscapeFilter including the Hex code for a special character, such as a slash:
EscapeFilter - EscapeFilter(CN=User\5c, Name....
Environment
App Control Server: 8.9.0 - 8.9.6
Microsoft Active Directory: All Supported Versions
Cause
Active Directory Organizational Units have one or more of the following characters:
\/:*?<>|~:!@#$%^&'(){}
Resolution
Upgrade to Server 8.10+ where this issue has been resolved (EP-17684\EA-22686)
Additional Information
When AllowADScript is set to true Active Directory logging will be included in ServerLog-TIMESTAMP.bt9 and the EscapeFilter will log the special characters similar to:
EscapeFilter - EscapeFilter(CN=User\, Name....
As a workaround the Shepherd Config, AllowADScript could be used to force the "old logic" for Active Directory using vbscript. This should be reverted after upgrading to 8.10.
Navigate to https://AppControlServer/shepherd_config.php
Select the Property: AllowADScript
Change the Value to true.
Restart the App Control Server & Reporter services.
Verify the AD accounts are able to log in correctly.