We have an AD Driver running on Windows 2012 that sets passwords from events received over the Subscriber channel. The service is logged in as Local System, and it works fine.

We are going to migrate it to a Windows 2016 Datacenter server (DC), but attempts to set the password give the error Access Denied (error code 5). In both cases, IDM is 4.5.5 and the AD Driver is 4.0.2.1, the latest.

I did have a problem with the IDMPowerShellService being "blocked" by security. The AD Driver binaries were also blocked, but unblocking them didn't help.

I'd post log files but there really isn't any additional information other than "access denied." I'm going to look into LDAP logging on the DC.

Thanks for any help you can offer.

-- Sam S.