AD Admin account cannot logon to Gitea

I have configured Authentication Source and create an account with admin right on Gitea using that source.
Then I cannot logon with that admin account, but somehow I can if I added the account to normal user group on the AD. And there’s another problem that the admin right will be auto deactivated if I add the account to normal user group.

Suspecting the “Admin Filter” doesn’t work

Please kindly advise. Thank you very much