As for the settings, they are extremely picky. I do use a bind user - I think that it is necessary for Moodle though I have seen other systems rely on the user credentials for binding. Also, if you want Moodle to be able to update passwords, you need to give your bind user sufficient privileges to do that.
The context also has to be put in there just right, and for MSAD, change the user attribute to samaccountname.
There is a link to a utility on the LDAP settings which should help you get your settings right. The force update password on first login does not work, and if the force password change is set in MSAD, users will not be able to log in.
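As an added example (not part of the original post and not Moodle code), the following script lists the accounts affected by the forced password change described above. It reads LDIF output from a directory query and reports users whose `pwdLastSet` is `0`, which is how Active Directory records "User must change password at next logon". The sample LDIF, DNs and account names are constructed placeholders.

```python
import re

# Constructed sample of ldapsearch-style LDIF, e.g. from a query such as
#   (&(objectCategory=person)(objectClass=user))  attrs: sAMAccountName pwdLastSet
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Staff,DC=example,DC=org
sAMAccountName: alice
pwdLastSet: 133500000000000000

dn: CN=Bob Example,OU=A Very Long Organisational Unit Name,OU=Staff,DC=exam
 ple,DC=org
sAMAccountName: bob
pwdLastSet: 0

dn: CN=Service Printer,OU=Staff,DC=example,DC=org
sAMAccountName: printer
"""

def parse_entries(ldif):
    """Parse simple LDIF into dicts (single-valued attributes, lower-cased keys)."""
    # LDIF folds long lines: a line starting with one space continues the previous one.
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and anything that is not "attr: value"
            key, value = line.split(": ", 1)
            entry[key.lower()] = value.strip()
        if entry:
            entries.append(entry)
    return entries

def must_change_users(ldif):
    """Return sAMAccountName values whose pwdLastSet is 0 (forced change pending)."""
    flagged = []
    for entry in parse_entries(ldif):
        name = entry.get("samaccountname")
        # Entries without pwdLastSet in the output are skipped, not guessed at.
        if name and entry.get("pwdlastset") == "0":
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for user in must_change_users(SAMPLE_LDIF):
        print(f"{user}: must change password at next logon; LDAP login will fail")
```
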