LDAP integration to Orchestrator using legacy domain name

LDAP integration has been enabled in the web.config and settings enabled in IIS.
The problem I am getting is that the users are getting found during LDAP search when adding, but when they are imported they are getting the suffix of our legacy domain name.
The email address is correctly imported, but the user is not functional because it has a different name.
user ID: johnsmith@oldDomain
email address: johnsmith@domain.com
The web.config does have the windows.authentication="True"
and the domain is correct for us, but it resolves to the legacy:
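
One way to narrow down where the legacy suffix is coming from is to check, for each directory account, whether the userPrincipalName suffix matches the domain carried in the mail attribute. The script below is an added diagnostic example, not code from the original post or from Orchestrator; it assumes the import keys on the standard Active Directory attributes sAMAccountName, userPrincipalName and mail, and the entries it runs over are constructed sample data in the shape of the symptom described above (user ID on the old domain, email on the current one).

```python
# Added example: audit LDAP/AD user entries for a legacy UPN suffix.
# Assumption (not confirmed by the post): the imported "user ID" is the
# userPrincipalName, while "email address" is the mail attribute, so an
# account whose UPN suffix still points at the old domain shows up as
# johnsmith@oldDomain even though mail says johnsmith@domain.com.
from typing import Dict, List

# Constructed sample of what an LDAP user search might return.
SAMPLE_ENTRIES: List[Dict[str, str]] = [
    {"sAMAccountName": "johnsmith",
     "userPrincipalName": "johnsmith@oldDomain",
     "mail": "johnsmith@domain.com"},
    {"sAMAccountName": "janedoe",
     "userPrincipalName": "janedoe@domain.com",
     "mail": "janedoe@domain.com"},
    {"sAMAccountName": "svc-legacy",
     "userPrincipalName": "svc-legacy@oldDomain",
     "mail": ""},
]


def upn_suffix(value: str) -> str:
    """Return the lower-cased part after the last '@' (works for UPN or mail).
    Returns '' when the value has no '@' at all."""
    if "@" not in value:
        return ""
    return value.rsplit("@", 1)[1].lower()


def audit_upn_suffixes(entries: List[Dict[str, str]], expected_domain: str) -> List[Dict[str, object]]:
    """Return one finding per entry whose UPN suffix is not expected_domain.
    Each finding records the account, its UPN, the suffix actually found, and
    whether the mail attribute already carries the expected domain, which is
    exactly the mismatch reported above (user ID old domain, email new domain)."""
    expected = expected_domain.lower()
    findings: List[Dict[str, object]] = []
    for entry in entries:
        upn = entry.get("userPrincipalName", "")
        suffix = upn_suffix(upn)
        if suffix == expected:
            continue  # UPN already on the current domain; nothing to report
        mail_domain = upn_suffix(entry.get("mail", ""))
        findings.append({
            "account": entry.get("sAMAccountName", ""),
            "userPrincipalName": upn,
            "upn_suffix": suffix,
            "mail_matches_expected": mail_domain == expected,
        })
    return findings


if __name__ == "__main__":
    # Run over the constructed sample; "domain.com" stands in for the current domain.
    for finding in audit_upn_suffixes(SAMPLE_ENTRIES, "domain.com"):
        print(finding)
```

Accounts flagged with mail_matches_expected set to True are the ones that would look correct in the email column but still log in under the legacy name, so they are the ones worth checking in the directory before re-running the import.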

I think this was missed because you posted in the Connect Enterprise Hub sub forum