To resolve this issue go the LDAP authentication server instance on the PCS device and under
Determining group membership options, enable
Reverse group search as per the screenshow below:

By enabling the
Reverse group search option the PCS device will query the AD catalog by checking the groups that the user is a member of, instead of querying every group for the user.