If you are like me, you have seen the industry standard turn to MFA (Multi-Factor Authentication) for administrative accounts or connecting via VPN.
I like and use Fortinet and the FortiGate NGFW systems. I was having issues with LDAP accounts being able to bypass VPN connections with just the standard Windows account. To be honest, it would allow them to connect without a token, never even prompting them for the token.
You have to apply set username-sensitivity disable under the user's profile in the CLI.
Here is an example.
Hope this helps some admins; it was kind of a head-scratcher for me.
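To find accounts that still need the change described above, the following added example (not part of the original post and not Fortinet code) scans a FortiGate configuration backup for LDAP-backed local users that have a token assigned but no set username-sensitivity disable line. The sample config, user names, LDAP server name and token serials are constructed placeholders, and the script assumes the backup omits settings left at their default.

```python
import re

# Constructed sample of a FortiGate config backup; user names, the LDAP
# server name and token serials are placeholders, not real values.
SAMPLE_CONFIG = '''\
config user local
    edit "jsmith"
        set type ldap
        set two-factor fortitoken
        set fortitoken "FTK-PLACEHOLDER-1"
        set ldap-server "corp-ldap"
    next
    edit "adoe"
        set type ldap
        set two-factor fortitoken
        set fortitoken "FTK-PLACEHOLDER-2"
        set username-sensitivity disable
        set ldap-server "corp-ldap"
    next
    edit "localadmin"
        set type password
    next
end
'''

def users_missing_fix(config_text):
    """List LDAP users that have a token but lack the CLI setting."""
    flagged, in_local, user, cfg = [], False, None, {}
    for line in map(str.strip, config_text.splitlines()):
        if line == "config user local":
            in_local = True
        elif not in_local:
            continue  # ignore every other config section
        elif line == "end":
            in_local = False
        elif m := re.match(r'edit "?([^"]+)"?$', line):
            user, cfg = m.group(1), {}
        elif m := re.match(r"set (\S+) (.+)$", line):
            cfg[m.group(1)] = m.group(2).strip('"')
        elif line == "next" and user:
            has_token = cfg.get("two-factor", "disable") != "disable"
            # Assumption: defaults are omitted from the backup, so a
            # missing line means the fix was never applied to this user.
            fixed = cfg.get("username-sensitivity") == "disable"
            if cfg.get("type") == "ldap" and has_token and not fixed:
                flagged.append(user)
            user = None
    return flagged

print(users_missing_fix(SAMPLE_CONFIG))
```

Run it against an exported backup by passing the file's text to users_missing_fix(); each name returned is a user profile to update in the CLI.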