Unable to connect to AD directory using root DN


Article ID: 373178


Products

SITEMINDER

Issue/Introduction

When the root DN of the AD is configured as the search root in the Admin UI, the connection to the AD user store fails.

When an OU is used as the search root, the connection succeeds.

The AD namespace is used to configure the user store.

Environment

Any supported SiteMinder release

Cause

This can occur when the full DN of the admin account is not used in the user directory settings.

Resolution

Changing the admin user entry from the account name to the full DN fixes the issue.

Per the section "Enable the SASL Bind Registry Key" of the official guide (link below), to use the admin's account name instead of the full DN you must enable the registry key EnableSASLBind so that SASL bind is used; otherwise, a full DN must be used.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/user-directories/configure-an-active-directory-user-store-connection.html