The command that succeeds is: ldapsearch.bat -b "dc=domain,dc=com" -D "cn=username,cn=users,dc=domain,dc=com" "(&(|(cn=username)(samAccountName=username))(objectclass=user))".
Once the search returns the user with the username username, I move these settings to WebSphere Application Server. Also, the user should be in the group Domain Administrator.
We must set the following settings in WAS (sorry, but the parameter names are not exact, because I have the Russian version of WAS):
Administrator username: username
Host: localhost (or another host if the AD server is installed on a different host)
LDAP Server Type: Active Directory
Base DN: dc=domain, dc=com
Other DN: cn=username,cn=users,dc=domain,dc=com
Password for connect: the domain password for the user
In the next step we should set the filters (Additional Parameters for LDAP registry):
User Filter: (&(|(cn=%v)(samAccountName=%v))(objectclass=user))
Group Filter: (&(cn=%v)(objectcategory=group))
ID user map: user:sAMAccountName
ID group map: *:cn
And now you can set the current global security to the autonomous LDAP registry!
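
The filters above can be tried with ldapsearch before they are saved in WAS. The following is an added example, not part of the original post and not WebSphere code: it expands the two `%v` templates from this page for a given name, escapes the name per RFC 4515 so characters such as `*` or `(` stay literal, and builds the `-b`/`-D` argument list used in the first command. The function names and the sample values in the comments are assumptions made for illustration.

```python
# Added example: expand the %v filter templates from this page for a pre-check.
USER_FILTER = "(&(|(cn=%v)(samAccountName=%v))(objectclass=user))"
GROUP_FILTER = "(&(cn=%v)(objectcategory=group))"

# RFC 4515: these characters must be written as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Return value with LDAP filter metacharacters escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(template: str, value: str) -> str:
    """Substitute every %v in template with the escaped value."""
    if "%v" not in template:
        raise ValueError("template has no %v placeholder")
    return template.replace("%v", escape_filter_value(value))


def balanced(filter_text: str) -> bool:
    """Cheap sanity check: parentheses open and close in order."""
    depth = 0
    for ch in filter_text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and filter_text.startswith("(")


def ldapsearch_args(base_dn: str, bind_dn: str, template: str, value: str) -> list:
    """Build the argument list for ldapsearch (-b base DN, -D bind DN, filter)."""
    expanded = expand(template, value)
    if not balanced(expanded):
        raise ValueError("expanded filter is not balanced: " + expanded)
    return ["-b", base_dn, "-D", bind_dn, expanded]


if __name__ == "__main__":
    # Constructed sample values, taken from the placeholders used on this page.
    base = "dc=domain,dc=com"
    bind = "cn=username,cn=users,dc=domain,dc=com"
    print(ldapsearch_args(base, bind, USER_FILTER, "username"))
    print(ldapsearch_args(base, bind, GROUP_FILTER, "Sample Group"))
```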