Did you fill in the 'Manage User Groups' with one or more group CN's? If so, what did the 'External LDAP server synchronization' workflow job log show? Can the user accounts be found within "cn=users,dc=training,dc=local"? Are these users members of the group or groups you specified in 'Manage User Groups'?

Interesting. I get the exact same errors for any groups and/or users that exist in a different domain other than the group specified in 'Manage User Groups'. In otherwords, the ldapsearch the UI uses will not find any users/groups that are not in the domain it is syncing with. So is the 'cifs' group actually residing in a different domain/forest than dc=training,dc=local ?

why dont you guys use sysinternal tool...

This is advanced AD explorer, this tool will help you in such cases where we have to enter full path of LDAP to AD object.

refer to below screenshot for your reference also download link for this is also mentioned below.

NOTE: This tool is FREE

http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx

You can also use dsquery to grab info from AD....it's built in, no need to install anything.

dsquery group -name "domain users"

dsquery * "CN=Domain Users,CN=Users,DC=acme,DC=com" -attr *

....does the output really show your users that you expect? And what does it say about memberOf?

For users, pick one and insert cn specifics: dsquery * <cn> -name <username> -attr *

Btw....what does an ldapsearch w/in the linux OS on your PureDisk server output? If ldapsearch cannot display what you expect there is no way PureDisk will.