Active Directory requires that the following ten characters be escaped with the backslash "\" escape character if they appear in any of the individual components of a distinguished name:
- Comma ,
- Backslash character \
- Pound sign (hash sign) #
- Plus sign +
- Less than symbol <
- Greater than symbol >
- Semicolon ;
- Double quote (quotation mark) "
- Equal sign =
- Leading or trailing spaces
Due to a processing issue, these characters are not handled correctly.
This prevents the user being matched to the AD Group, in turn no translation occurs to map the login with the Grouping object and the IDFW rule will not be applied.