There are two places where LDAP can fail - bind and search.
Bind is the login portion, which gives you access to search. Sounds like that's working for you.
Search can fail for a number of reasons:
- wrong search scope
- wrong base DN specified
- incorrect LDAP schema attributes specified
- object doesn't exist/isn't populated with UNIX attributes in AD
There's no way to resolve this issue without the details asked for in previous posts. We'd need the DN specified, the schema being used and PowerShell output of the AD object being queried.
For example: Get-ADUser {name} -properties *
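
Added example, not part of the original post: a PowerShell check that walks the search failure causes listed above against an AD account. The function name, the sample account and base DN, and the use of RFC 2307 attribute names (uidNumber, gidNumber, unixHomeDirectory, loginShell) are assumptions; substitute the attributes your LDAP client schema actually maps.

```powershell
# Added diagnostic example. Requires the ActiveDirectory module (RSAT).
# Assumption: the LDAP client maps UNIX users with RFC 2307 attribute names.
Import-Module ActiveDirectory

function Test-UnixLdapSearch {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [Parameter(Mandatory)] [string] $SearchBase,
        [ValidateSet('Base', 'OneLevel', 'Subtree')] [string] $SearchScope = 'Subtree'
    )
    $unixAttrs = 'uidNumber', 'gidNumber', 'unixHomeDirectory', 'loginShell'

    # 1. Wrong base DN: the container has to exist at all.
    try { Get-ADObject -Identity $SearchBase -ErrorAction Stop | Out-Null }
    catch { return "Base DN not found: $SearchBase" }

    # 2. Wrong scope or base: repeat the search with the client's base and scope.
    $filter = "(sAMAccountName=$SamAccountName)"
    $user = Get-ADUser -LDAPFilter $filter -SearchBase $SearchBase `
        -SearchScope $SearchScope -Properties $unixAttrs
    if (-not $user) {
        # 3. Object missing, or only outside the searched subtree?
        $anywhere = Get-ADUser -LDAPFilter $filter
        if ($anywhere) {
            return "User exists at '$($anywhere.DistinguishedName)' but is outside the base/scope"
        }
        return "No user object named $SamAccountName in the domain"
    }

    # 4. Object found but not populated with UNIX attributes.
    $missing = $unixAttrs | Where-Object { $null -eq $user.$_ }
    if ($missing) {
        return "Found $($user.DistinguishedName); unpopulated: $($missing -join ', ')"
    }
    "Found $($user.DistinguishedName); all UNIX attributes populated"
}

# Constructed sample values; replace with your own account and base DN.
Test-UnixLdapSearch -SamAccountName 'jdoe' `
    -SearchBase 'OU=Users,DC=example,DC=com' -SearchScope OneLevel
```

Run it with the same base DN and scope configured on the LDAP client so the result reflects what the client's search would see.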