Have just seen this issue in a lab environment with the same issue (account is Enterprise Administrator etc.).
Installing a different policy fixed it.

Not sure yet what the problem is but at the moment but suspect HTTPS Inspection could be causing it or Application Control or URLF blade. HTTPS Inspection policy was last updated.

Edit: Also R81.10, no JHFA 30 installed yet.

Edit2: Windows Server 2016 Standard

Rgds,

Don

I saw this once before when I was on site with a customer and we just created another admin account and then it all worked. I really never got a good explanation from TAC why this would happen...

Have seen this happen when the AD domain is configured to only allow NTLMv2.

Check Point recommends using Identity Collector as the identity source instead of AD Query - any chance you can switch to using that?  Seems using ADQ will only get more challenging in the future - check out sk176148.

Hi guys, many thanks for advice.
I catch this issue in my lab environment not production, I don't know what was it, but I reinstall windows server and it was resolve. 
Regarding Identity Collector I know, but for some tests needed exactly AD Query.

Just encountered the exact same issue with a fresh Win2022 Server lab installation.

The error messages when trying to connect the AD are quite useful: they tell you if it can't reach the ADC, if the credentials are wrong or if the domain can't be found.

Thus, if you see this "User is not a domain administrator as such AD Query will not work" message, it's most likely not a connection/lack of policies issue.

Also keep in mind that the initial connectivity test is made from the SmartConsole's machine instead of from the GW.

However, in my case after installing all the Windows updates and couple reboots, the connection eventually worked.