The Active Directory support is currently limited to AD DS. Support for AD LDS is missing. The latter is quite different in several terms.
The most important difference is that it lacks the userControlAttribute bitmask and offers dedicated attributes instead of which the following are relevant for Keycloak:
Another imporant difference is that it's using the userPassword attribute in favor of unicodePwd for setting passwords.
See the pull request for details.