Now how can we get access to read and manipulate the ACL and thus child ACE's via the AD driver. :)
No doubt we could do it in a Scripting driver.
As for the bug itself, Bugzilla seems to implied it is fixed in IDM 4. Now patches for the ADDriver have been back ported for the last while, so the same ADDriver works on IDM 3.5, 3.5.1, 3.6 and 3.6.1. I am hoping the same will be true with IDM 4, and thus that the next patch to the AD driver would be from the IDM 4 codebase and include this fix, but I have no evidence to support this.