When configuring the user filter in conjunction with a container, it may be necessary to add some additional statements to allow the user to be found. The reason potentially for this is that when creating a user in AD by default the users are created in "Domain Users" built in group. This is the users "Default Primary Group". The primarygroup is not present in memberOf Attribute but in primaryGroupID attribute. The primaryGroupID is not a distinguished name but just the Relative Identifier (RID) of the primary group. For this reason, when we use a group to contain the users and search for the "memberOf" property the user is not found. Therefore, an LDAP query statement in the 'User' filter, like the below example, may be necessary.