To resolve this issue go the LDAP authentication server instance on the PCS device and under Determining group membership options
, enable Reverse group search
as per the screenshow below:
By enabling the Reverse group search
option the PCS device will query the AD catalog by checking the groups that the user is a member of, instead of querying every group for the user.