Not sure how your AD is defined, however here is an example with a virtual AD for testing
Here is a sample LDAP search query
ldapsearch -h "YOURHOSTNAME" or "Ipaddress" -p "your LDAP port" -b "CN=Splunk Users,OU=Security Groups - SPLUNK,DC=YOURS,DC=IT,DC=Splunk,DC=edu" -x -D "Splunk service account" -W "groupNameAttribute"
My AD has a "OU" or group called "Security Groups-Splunk" Under that Group,
I created a "CN" or group called Splunk Users, you can place your potential users in that group.
The display or real user name is "Splunk Service account" -You will need to specify credentials when you test with LDAP search. So ensure you have the correct password. Otherwise your account maybe locked out based upon your inherent Security Group policies.
You can also substitute "realNameAttribute" "displayname" "member" "userNameAttribute"" after -W for further testing
Sample (Domain Component) or your Domain name = yours.IT.Splunk.edu
You can verify your ad configuration using another LDAP Windows GUI browser. I used Active Directory Explorer
Once it works go to Map groups to verify users from Splunk web interface