Perhaps try something simple like this under User Synchronization.
Search Base DN: CN=Users,DC=domain,DC=net
Search Pattern: (&(objectClass=user)(sAMAccountName={0}))
Name Attribute: sAMAccountName
Full Name Attribute: displayName
Let's say your users are in an OU called mail, then something like this.
Search Base DN: OU=mail,DC=domain,DC=net
Search Pattern: (&(objectClass=user)(sAMAccountName={0}))
Name Attribute: sAMAccountName
Full Name Attribute: displayName
This would depend on how you set up your AD and your other configurations that are not shown in this post.
I would advise checking permissions for the user you're using in System User DN also.
This would require at least a read role in Active Directory for that user.
Perhaps check out this post. It might give you some clues.
When posting, please take a look here; this may help out.
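An added example, not part of the original post or of the product's own code: it renders the Search Pattern above for a given login with RFC 4515 escaping and checks whether a user's DN actually sits under the configured Search Base DN. It assumes the `{0}` placeholder is replaced with the login name; the function names and the user DNs are constructed for illustration, and nothing here contacts a directory.

```python
# Search Pattern from the post; {0} is assumed to be replaced by the login name.
SEARCH_PATTERN = "(&(objectClass=user)(sAMAccountName={0}))"

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login so it is treated as a literal value, not filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_filter(pattern, login):
    """Fill the {0} placeholder of a search pattern with an escaped login."""
    return pattern.replace("{0}", escape_filter_value(login))


def split_dn(dn):
    """Split a DN into lowercased RDNs, keeping backslash-escaped commas intact."""
    parts, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # escaped pair stays inside this RDN
            i += 2
            continue
        if ch == ",":
            parts.append("".join(current).strip().lower())
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current).strip().lower())
    return parts


def is_under_base(user_dn, base_dn):
    """True when user_dn lies below base_dn, i.e. a subtree search can find it."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    return len(user) > len(base) and user[-len(base):] == base
```

If `is_under_base` returns False for a user who cannot log in, the Search Base DN is the first setting to revisit before looking at the filter or the System User DN permissions.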