You should NOT need a domain admin account for ldap query, unless you made changes to your AD. By default, a domain user can query AD for basic information, which is all we needed.
for testing, do something like this. create a normal domain user account. ie email@example.com. make your base dn the root of your domain. something like DC=domain,DC=local
then for when your asked for the ldap admin dn, enter firstname.lastname@example.org