Hello,
The documentation I found about setting up LDAPS with AADDS doesn't mention anything about the permissions required to perform an LDAP bind. These are the requirements I extracted from https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps:
Users (and service accounts) can't perform LDAP simple binds if you have disabled NTLM password hash synchronization on your managed domain.
Provide the credentials of a user account that belongs to the managed domain.
As far as I can tell, using the credentials of any user that belongs to the domain doesn't work, even after confirming that NTLM password hash synchronization is configured. An LDAP bind as tested with the LDAP.exe tool continued to fail with invalid credentials until the user was added to the "AAD DC Administrators" group in Azure AD.
What are the minimal permissions for an LDAP bind with AADDS? I found other questions in this forum with the same problem, but I can't find a solution.
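Added example, not part of the question above and not Microsoft's code: a PowerShell function built on System.DirectoryServices.Protocols that performs the same LDAPS simple bind (AuthType Basic) that ldp.exe performs, but returns the exact LDAP result code and the Active Directory "data" sub-code instead of a generic "invalid credentials" dialog. That lets you compare a failing ordinary user against a working "AAD DC Administrators" member and see whether the server is reporting a bad password (52e), a disabled or locked account (533, 775), or something else. The host name, certificate thumbprint and user principal name are placeholders you must replace; the certificate check pins the thumbprint of the LDAPS certificate you uploaded rather than disabling validation.

```powershell
# Added example (not from the original post). Tests an LDAPS simple bind against
# an AADDS managed domain with arbitrary credentials and reports the precise
# LDAP error. Server, thumbprint and user values are assumed placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-AaddsLdapsBind {
    param(
        [Parameter(Mandatory)] [string] $Server,               # e.g. ldaps.aaddscontoso.com (assumed)
        [Parameter(Mandatory)] [string] $UserPrincipalName,    # user@aaddscontoso.com (assumed)
        [Parameter(Mandatory)] [securestring] $Password,
        [Parameter(Mandatory)] [string] $ExpectedThumbprint    # SHA-1 thumbprint of the uploaded LDAPS cert
    )

    # Active Directory appends "AcceptSecurityContext error, data XXX" to LDAP
    # error 49; the sub-code says why the bind was refused.
    $subCodes = @{
        '525' = 'user not found'
        '52e' = 'invalid credentials (bad password, or no password hash available to the DC)'
        '530' = 'logon time restriction'
        '531' = 'not permitted to log on from this workstation'
        '532' = 'password expired'
        '533' = 'account disabled'
        '701' = 'account expired'
        '773' = 'user must reset password'
        '775' = 'account locked out'
    }

    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, 636)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $true

    # Pin the server certificate for the test instead of turning validation off.
    $expected = $ExpectedThumbprint.Replace(' ', '').ToUpperInvariant()
    $conn.SessionOptions.VerifyServerCertificate = {
        param($connection, $certificate)
        $certificate.GetCertHashString().ToUpperInvariant() -eq $expected
    }.GetNewClosure()

    # Simple bind: the path the docs say depends on NTLM password hash sync.
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Credential = [System.Net.NetworkCredential]::new($UserPrincipalName, $Password)

    try {
        $conn.Bind()
        # A RootDSE read proves the bound session is usable, not merely authenticated.
        $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
            '', '(objectClass=*)',
            [System.DirectoryServices.Protocols.SearchScope]::Base,
            [string[]]@('defaultNamingContext'))
        $resp = $conn.SendRequest($req)
        [pscustomobject]@{
            User   = $UserPrincipalName
            Bound  = $true
            Detail = [string]$resp.Entries[0].Attributes['defaultNamingContext'][0]
        }
    } catch {
        $ex = $_.Exception
        if ($ex -is [System.DirectoryServices.Protocols.LdapException]) {
            $msg = $ex.ServerErrorMessage
            $sub = if ($msg -match 'data ([0-9a-f]{3})') { $Matches[1] } else { $null }
            $why = if ($sub -and $subCodes[$sub]) { " -> $($subCodes[$sub])" } else { '' }
            [pscustomobject]@{
                User   = $UserPrincipalName
                Bound  = $false
                Detail = "LDAP error $($ex.ErrorCode): $msg$why"
            }
        } else {
            # TLS/certificate or network failure surfaces here, not as an LDAP result code.
            [pscustomobject]@{ User = $UserPrincipalName; Bound = $false; Detail = $ex.Message }
        }
    } finally {
        $conn.Dispose()
    }
}

# Usage (values are placeholders): run once with the admin account that works
# and once with the ordinary user that fails, and compare the Detail fields.
# $pw = Read-Host -AsSecureString 'Password'
# Test-AaddsLdapsBind -Server 'ldaps.aaddscontoso.com' -UserPrincipalName 'user@aaddscontoso.com' `
#     -Password $pw -ExpectedThumbprint '0123456789ABCDEF0123456789ABCDEF01234567'
```

If the ordinary user gets error 49 with sub-code 52e while the same password works through another channel, the domain controller has no usable credential for that account, which is what you would expect if the password hash was not synchronized to the managed domain for that user (for example, the password was set before hash sync was enabled and has not been changed since). A TLS error rather than an LDAP result code means the bind never reached the authentication step, so check the pinned thumbprint and the Azure network security group rule for port 636 first.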