The reason AD didn't work is that these two lines were not set properly:
security.server.ldapDomainDClevel2=
security.server.ldapDomainDClevel1=
As an example, if my AD domain is example.org:
security.server.ldapDomainDClevel2=example
security.server.ldapDomainDClevel1=org
If your domain has more levels, you will need to set these instead:
security.server.ldapDomain=
security.server.ldapDomainControllerUrl=
security.server.ldapDomainDC=
The default values for these three fields are inferred from ldapDomainDClevel1 and ldapDomainDClevel2.
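As an added example (not from the original post), this derives the property values for a domain of any depth, so the multi-level case above does not have to be typed by hand. The "DC=a,DC=b" form for ldapDomainDC and the ldaps://host:636 form for ldapDomainControllerUrl are assumptions; the post gives no values for those keys.

```python
import re

# One DNS label: letters, digits and hyphens, no leading/trailing hyphen, max 63 chars.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)


def domain_labels(domain: str) -> list[str]:
    """Split 'corp.example.org' into ['corp', 'example', 'org'], validating each label."""
    labels = domain.strip().rstrip(".").split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(label) for label in labels):
        raise ValueError(f"not a valid multi-level AD domain: {domain!r}")
    return labels


def ldap_properties(domain: str, controller_host: str, port: int = 636) -> dict[str, str]:
    """Return the security.server.ldap* properties for the given AD domain.

    Two-level domain: only DClevel2/DClevel1 are set; the post states the other
    three keys are inferred from them.
    Deeper domain: ldapDomain, ldapDomainDC and ldapDomainControllerUrl are set
    explicitly, as the post says is required.
    """
    labels = domain_labels(domain)
    props: dict[str, str] = {}
    if len(labels) == 2:
        props["security.server.ldapDomainDClevel2"] = labels[0]  # e.g. "example"
        props["security.server.ldapDomainDClevel1"] = labels[1]  # e.g. "org"
    else:
        props["security.server.ldapDomain"] = ".".join(labels)
        # Assumed: standard LDAP distinguished-name form of the domain components.
        props["security.server.ldapDomainDC"] = ",".join(f"DC={label}" for label in labels)
        # Assumed URL form; LDAPS by default since the CA certificate is imported via keytool.
        props["security.server.ldapDomainControllerUrl"] = f"ldaps://{controller_host}:{port}"
    return props


def render(props: dict[str, str]) -> str:
    """Format the properties as key=value lines ready to paste into the config file."""
    return "\n".join(f"{key}={value}" for key, value in props.items())


if __name__ == "__main__":
    # Constructed sample domains, not taken from any real deployment.
    print(render(ldap_properties("example.org", "dc1.example.org")))
    print(render(ldap_properties("corp.example.org", "dc1.corp.example.org")))
```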
On the LDAP/AD CA, the certificate needs to be importable using Java keytool.
The Active Directory Domain Controller must have Domain Services enabled. This is required for Sync Endpoint to query the AD using LDAP.