From the "System Info" page you can see this environment is PAM 3.2.0.331 and FIPS Mode is Enabled.

There are 2 prerequisites.
1. Active Directory has Server Certificate Installed and listening on tcp Port 636 for LDAPS
2. TCP Port 636 is open

If the Port does not show as "open" then you will need to work with your network team to ensure this tcp port is open from PAM to AD for 2 way communication. Stop here if it is "filtered".

Step 1: Add Device

Step 2: Add Target Application

You MUST specify the LDAPS port here so it cannot be 389. You MUST NOT specify the Global Catalogue Port(3268 or 3269). It must be the 636 port as standard.

Step 3: Add Target Account(Account for AD Connection)

Ensure the Password Update is set to both.

The Target Account MUST SHOW as "VERIFIED"!

Step 5: Add LDAP Domain (Config-3rdParty-LDAP)

Step 6: Logout and Login again. (From now on you will have option to choose LDAP for authentication type)

Step 7: Import LDAP Groups(Users-Manage User Groups)

Select the Group that you want to import.
Click on the "Register Groups" button to register this group.

You can see "2 Users Processed: 2 New Users".
You can close the "CA PAM LDAP Browser"

You will now see at the "Users - Manage Users" that you have 2 new users registered.

You can also find at the "Users - Manage User Groups" that you have the LDAP Group registered.