Thanks hexx. Unfortunately, this workaround/fix did not work for me.

I made the changes per your steps (and removed my local.meta changes), but I continue to get ldap calls for the admin user, and the modal screen does not appear. I also added dispatchAs = user to all of the savedsearches stanzas that are in default, but same thing happened. I even went so far as to add dispatchAs = user to a default stanza in this savedsearches.conf, but still no luck. Also, changing the owner in local.meta to a renamed admin account does not work. Lastly, I removed LDAP authentication, and that did not help.

In addition, the Forwarder Monitoring Setup page does not load when the "admin" user account does not exist.

So far, the only thing that has worked for me is to temporarily add a local "admin" user account.

Is there a log.cfg setting that I can set to DEBUG the calls to which populating lookup search is run, and by what user?

I'm sorry to hear this suggested work-around did not function. I would like to strongly encourage you to open a support case so that we can look into this issue in more detail and identify if there is a new defect to be fixed here.

When changing to a Distributed configuration and clicking Apply Changes (with no errors), the Modal screen fails to appear or apply any changes. Only after creating the 'admin' account, the changes apply as expected. Also, splunkd.log shows failed admin ldap logins.

Actually, I was wrong: The fix for this issue did not make it into 6.3 which explains why you are still seeing it! I will explain how to work around this problem in an answer.