This is almost certainly a bug in their implementation. It is known that this character must be escaped when used in an ADSI path expression. However, given that it is a valid LDAP character in a DN, the LDAP server will not automatically escape it for you.
I'm guessing they just forgot to do this extra logic and didn't have a test case for this either.
Would you consider reporting a bug to Microsoft?