Using the setting below will allow VPN access to all users member of the VPN Users group.
Server Settings
Descriptive name: Microsoft AD Type: LDAP
LDAP Server Settings
Hostname or IP address: yourmsdomain.local Port value: 389 Transport: TCP Protocol version: 3 Server Timeout: 25 Timeout for LDAP operations (seconds): 25 Search scope - Level: One Level - Base DN: DC=yourmsdomain,DC=local Authentication containers: OU=Users,DC=yourmsdomain,DC=local Extended query: ticked Query: memberOf=CN=VPN Users,OU=Groups,DC=yourmsdomain,DC=local Bind anonymous: not ticked Bind credentials: nameofyourbinduser (NAME not username) and password User naming attribute: samAccountName Group naming attribute: cn Group member attribute: memberOf RFC 2307 Groups: not ticked Group Object Class: empty UTF8 Encode: not ticked Username Alterations: not ticked