First our experience is the same. TES can not read an AD-tree, You have to put users directly in the AD-groups in question for use in TES.Second you have to be aware of that users (all including admins) should only have access through an LDAP group.I...