Hi,
I will assume for now that you are running a Linux CheckMK instance (as you have not given this detail).
I also had similar issues (just not with AD), and in the end it was due to the fact that the CheckMK server was unable to resolve the certificate chain.
The discussion I had was posted here: https://forum.checkmk.com/t/check-ldap-refusing-to-connect-with-tls-requirement-on-ldap-server/51349
In the end it was resolved by adding the CA certificate to the store of CheckMK.
Hope the referenced thread will help you resolve your issue in the same way it did for me.
- Glowsome