In the LDAP configuration that is being used for Registration (auth & admin) role in the AAA configuration set the following:
For the "Schema Definition":
User Object Class: user
User Search Attribute: userPrincipalName
Make sure the box to "Keep Domain Name for User Lookup" is checked.
This configuration requires that the user accounts in active directory have the UPN configured for the firstname.lastname@example.org. Once this is set users will be REQUIRED to login to the captive portal with the email@example.com format.