I can give you summary of how I have each setting configured.Domain: using domain including top level suffixDNS: IP of one DNS serverLDAP: IP of two DCsTLS is uncheckedSearch User is set to the Domain Admin (to bypass access rights, but is normally a different search user)Pwd: setSearch Base: "OU=,DC=,DC=com"LDAP Schema: M$ ADBoth Staff and Client Authentication are checked.