The AD search query should change when changing the logon required fields in Liferay portal.
For example: the logon was defined to ask the user's screen name and password. The authentication with AD worked fine. The query used: "(&(objectCategory=person)(sAMAccountName=@user_id@))"
I changed the screen name field for email, and the authentication stop working. I had to manually change the search query for user authentication on AD to logon work again. The query became "(&(objectCategory=Person)(mail=@email_address@))".
Maybe the second part of the search query should be and independent field so that changing the user identification on Liferay portal for logon would automatically change the search query. Or, at least, let the user aware of the issue.