Try something like this,

aaa-server LDAP-AUTHO protocol ldap

aaa-server LDAP-AUTHO (inside) host

ldap-base-dn DC=TEST,DC=COM

ldap-scope subtree

ldap-naming-attribute sAMAccountName

ldap-login-password *

ldap-login-dn CN=admin,CN=Users,DC=TEST,DC=COM

server-type microsoft

ldap-attribute-map AD-map

ldap attribute-map AD-map

map-name memberOf Tunnel-Group-Lock

map-value memberOf CN=CiscoVPN,CN=Users,DC=TEST,DC=COM

tunnel-group general-attributes

authorization-server-group LDAP-AUTHO

Regards,

Prem

Please rate if it helps!