I am creating an RBE for Exchange Mailbox management. I want to assign
entitlements to different message stores based upon the users OU. I am
Using IDM 3.5.1 on SLES 10 OES 2 server.

I have tried the following condition:
ObjectClass = User .AND. OU=userOU.Organization

This does not work. It will not return any members when testing. Even
limiting to only OU does not seem to yield the correct result.

I can set the conditions to:
ObjectClass = User .AND.

This works. The problem with using GroupMembership is that the
Entitlement will delete the mailbox (instead of moving) if you remove
the user from the group and click apply without also adding the user to
another Group that also has a Mailboxstore entitlement.

I cannot ensure that all admins will always follow correct procedures,
and want to base it on OU instead. Is this a bug in IDM, or am I
entering the criteria incorrectly?

