In "Configure Global Security" it is not possible in the UI to configure advanced active directory options without selecting the "Specify custom Active directory domain name" check box. This prevents users from modifying custom advanced settings (such as caching) without configuring AD manually.
After investigation I have found that using a custom active directory domain results in random socket closed failures. If I use the default AD config (which appears to use COM objects in code) it works without any issues. However, the default AD config does not provide the ability to configure caching in the UI.
Users should be able to specify advanced settings for the default AD config option. The "Advanced" button should be moved in the UI so that it does not depend on showing/hiding the "Specify custom Active directory domain name" content. Only options that are used by the default Windows COM mode should be shown independent of the button. If some are not applicable then they should be separated so that there are two sections - generic advanced and unix/custom advanced.
Settings can be modified manually in config.xml. Here is an example: