So I have a AD driver in a child domain. There is Exchange, but it is
installed in the root domain. (Well at least the cn=configuration
container with the Exchange stuff is in the root partition)

But the Entitlement query is specifically looking at the current domain
(the child) and not the parent.

Not sure how I can control what it is looking at. I suppose if I
changed the domain in the GCV to the parent domain it might work, but
then the AD driver won't work as I will be connecting to the wrong domain.

Not sure where the DN is coming from, that is used in the query.

<nds dtdversion="2.0">
<input>
<query class-name="msExchPrivateMDB"
dest-dn="CN=Configuration,DC=acmedev,DC=acme-dev,DC=local" event-id="0"
scope="subtree">
<search-class class-name="msExchPrivateMDB"/>
<read-attr attr-name="msExchOwningServer"/>
<read-attr attr-name="cn"/>
</query>
</input>
</nds>

But of course, that dest-dn is wrong.

Should be: CN=Configuration,DC=acme-dev,DC=local

But my users are in the child domain... Hmmm...


IDM 4.5.4, Windows 2012R2, Exchange 2014