Products | Versions
---|---
TIBCO BusinessEvents Enterprise Edition | 5.5.0
By default the uid attribute (RMS.cdd property: be.auth.ldap.uidattr) for Microsoft Active Directory is "CN", but the login name and the LDAP CN attribute can have different values.
In that case, authentication fails (user not found).
On LDAP authentication the RMS server uses the following filters for its LDAP searches.
1.) Return the attribute value "distinguishedName" for the userID
LDAP filter: (&(cn=<userID>)(objectclass=*))
2.) Search for group memberships
LDAP filter: (&(distinguishedName=<distinguishedNameReturnedByFirstSearch>)(objectclass=*))
Update the uid attribute used by the first LDAP search. On Microsoft Active Directory the LDAP attribute that stores the login account is sAMAccountName, so the RMS.cdd property "be.auth.ldap.uidattr" must be set to sAMAccountName.
You have to restart the RMS server after modifying settings in the RMS.cdd file. The RMS server will then use sAMAccountName in the first LDAP search string.
LDAP filter: (&(sAMAccountName=<userID>)(objectclass=*))
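The following Python is an added example, not TIBCO code: it simulates the two LDAP searches described above against a small constructed in-memory directory, so the effect of be.auth.ldap.uidattr can be seen without a domain controller. The entries, the function names and the helper `_search` are assumptions for illustration; the only thing taken from the article is the shape of the two filters. The user-supplied login name is escaped per RFC 4515 before it is placed in the filter, which is what a hardened implementation should do with any value that ends up inside a search string.

```python
# Added example (not TIBCO code): simulates the RMS two-step LDAP lookup.

# Constructed sample directory (not a real domain). The login name
# (sAMAccountName) deliberately differs from the CN, which is the case
# the article describes.
SAMPLE_DIRECTORY = [
    {
        "distinguishedName": "CN=John Smith,CN=Users,DC=testSupportAD,DC=us",
        "cn": "John Smith",
        "sAMAccountName": "jsmith",
        "memberOf": ["CN=RMSAdmins,CN=Users,DC=testSupportAD,DC=us"],
    },
    {
        "distinguishedName": "CN=Administrator,CN=Users,DC=testSupportAD,DC=us",
        "cn": "Administrator",
        "sAMAccountName": "Administrator",
        "memberOf": ["CN=Domain Admins,CN=Users,DC=testSupportAD,DC=us"],
    },
]

# RFC 4515 escaping for values embedded in a search filter, so a login name
# containing "*", "(", ")" or "\" cannot change the filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(uid_attr, user_id):
    """First RMS search: entry whose uid attribute equals the login name."""
    return f"(&({uid_attr}={escape_filter_value(user_id)})(objectclass=*))"


def group_search_filter(dn):
    """Second RMS search: look the entry up by DN to read its memberOf values."""
    return f"(&(distinguishedName={escape_filter_value(dn)})(objectclass=*))"


def _get(entry, attr):
    """Attribute lookup; LDAP attribute names are case-insensitive."""
    for key, value in entry.items():
        if key.lower() == attr.lower():
            return value
    return None


def _search(directory, attr, value):
    """Stand-in for an LDAP equality search (assumed helper, not an LDAP client)."""
    return [e for e in directory
            if str(_get(e, attr) or "").lower() == value.lower()]


def authenticate(user_id, uid_attr="CN", directory=SAMPLE_DIRECTORY):
    """Return (distinguishedName, groups) for user_id, or None if not found."""
    hits = _search(directory, uid_attr, user_id)
    if len(hits) != 1:
        return None  # "user not found" (or ambiguous match)
    dn = hits[0]["distinguishedName"]
    entry = _search(directory, "distinguishedName", dn)[0]
    return dn, list(_get(entry, "memberOf") or [])


if __name__ == "__main__":
    # Same login name, default uidattr vs. the corrected one.
    for uid_attr in ("CN", "sAMAccountName"):
        print(uid_attr, user_search_filter(uid_attr, "jsmith"))
        print("  result:", authenticate("jsmith", uid_attr))
```

With the default uidattr the lookup for "jsmith" returns nothing because the entry's CN is "John Smith"; with sAMAccountName the same login resolves to the DN and its group memberships, which is the behaviour the RMS.cdd change produces.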
Sample LDAP settings in the RMS.cdd file:
<property-group comment="" name="LDAP">
  <property name="be.auth.type" type="string" value="ldap"/>
  <property name="be.auth.ldap.host" value="testSupportAD"/>
  <property name="be.auth.ldap.port" value="389"/>
  <property name="be.auth.ldap.adminDN" value="CN=Administrator,CN=Users,DC=testSupportAD,DC=us"/>
  <property name="be.auth.ldap.adminPassword" value="<password>"/>
  <property name="be.auth.ldap.baseDN" value="DC=testSupportAD,DC=us"/>
  <property name="be.auth.ldap.roleAttr" value="memberOf"/>
  <property name="be.auth.ldap.uidattr" value="sAMAccountName"/>
  <property name="be.auth.ldap.objectClass" value="*"/>
  <property name="be.auth.ldap.useRoleDN" value="false"/>
</property-group>
Note:
All LDAP operations (search strings) are recorded in the RMS server log when debug logging is enabled in the RMS.cdd file (<roles>*:debug</roles>).