The property 'ad-user-search-criteria' in ApplicationSettings.properties specifies the LDAP search query that is used to find users. By default this is set to something like: objectClass=user, i.e. to return all users.
You can change this query to filter the objects further. For example, if you know that all users have email addresses then the following query will return only users: