Re: Force Fortiauthenticator to use another login to connect to AD
For an LDAP to work you do not need to have "Windows Active Directory Domain Authentication" set. That's very useful for Kerberos auth used for EAP type of authentications, for example in 802.1x and WiFi clients.
Another issue is that setting is not correct.
- Kerberos Realm is usually domain, like whole domain, name .. like ALFA.EXAMPLE.COM
- Domain NetBIOS name is also UPPERCASE and case sensitive .. in my example it would be ALFA
- then admin name is just 'username' no UPN, which seems to be OK in your case, just make sure that such admin is at least member of Domain Join allowed group, better Domain Admins or Administrators.
Then it should work.