VMware Workspace ONE Community
aturner123
Contributor

HW 1.5: Bind DN only works with "Administrator" account

If I make a clone of the Administrator account, it says authentication fails.

If I move the Administrator account to a different OU and change the bind DN accordingly, authentication fails.

What am I missing?

Single 2008R2 DC

basedn(dc=atat,dc=lab)

binddn(cn=administrator,cn=users,dc=atat,dc=lab)

works...

but..

basedn(dc=atat,dc=lab)

binddn(cn=administrator,cn=service accounts,dc=atat,dc=lab)

What am I missing?

7 Replies
pbjork
VMware Employee

I assume your Service Accounts is an OU and not a CN.

Try this one: cn=administrator,ou=service accounts,dc=atat,dc=lab

aturner123
Contributor

Negative.

cn=administrator,cn=users,dc=atat,dc=lab

works

cn=administrator,ou=users,dc=atat,dc=lab

does not work

If I move administrator to a new OU, neither cn nor ou works. I tried building a fresh 08R2 and 2012 Domain Controller, and the administrator account is still the only one that will work for bind.

sravuri
VMware Employee

We suspect you are running into a duplicate user on HWS.

Basically, you used administrator from the first OU; this creates a user named administrator in HWS.

Then you switch to a different OU. This will try to create a new user named administrator again in HWS, which is probably throwing an error.

Can you check if the service-va or connector-va have any logs?

service-va: /opt/vmware/horizon/horizoninstance/logs/horizon.log

connector-va: /opt/vmware/c2/c2instance/logs/connector.log

aturner123
Contributor

I believe I've tried with OU before; it accepts it with CN, but I could be mistaken. I'm redeploying currently and will monitor those logs with the other accounts and report back soon.

aturner123
Contributor

cn=horizon,ou=users,dc=atat,dc=lab

didn't work

cn=horizon,cn=users,dc=atat,dc=lab

didn't work

cn=administrator,ou=users,dc=atat,dc=lab

didn't work

cn=administrator,cn=users,dc=atat,dc=lab

works

Accidentally went through the LDAP step; redeploying to capture the log.

Here's the log file: http://pastebin.com/V64Udwry

gpradyu
VMware Employee

From the log, it looks like for "cn=horizon,cn=users,dc=atat,dc=lab" LDAP returned "invalid credentials". The LDAP error code from the log says "Returns when username is valid but password/credential is invalid."

Was this the same error for all the other accounts that were tried as well?

see: Ldapwiki: Common Active Directory Bind Errors

aturner123
Contributor

Looks like my reply didn't take. The issue ended up being in the way Windows creates CNs for an account. If you create an account specifying only the account name, the CN is created as the account name. If you create the account and specify the first and last name (a Horizon Workspace requirement), then the CN is created from the account's first name and last name fields.

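The resolution above comes down to one point: the bind DN must be the DN that Active Directory actually assigned to the object, and the CN (the first RDN) is the object's Name, which is only equal to the logon name when the account was created without a first/last name. The following PowerShell is an added example, not code from the thread or from VMware: it resolves the real DN from the sAMAccountName and then performs the same simple LDAP bind the connector does, so a wrong DN or password is caught before it is typed into the wizard. It assumes the RSAT ActiveDirectory module, the thread's lab domain atat.lab, and an illustrative account name "horizon" and DC name "dc01.atat.lab".

```powershell
# Added example (not from the original thread). Assumes the RSAT ActiveDirectory
# module on a domain-joined admin box, the lab domain atat.lab from the thread,
# and an illustrative service account "horizon" on DC "dc01.atat.lab".
Import-Module ActiveDirectory

# Resolve the DN that AD actually assigned to an account. Guessing
# "cn=<sAMAccountName>,cn=users,<base>" only works when the object's Name (CN)
# happens to equal the logon name; an account created with First/Last name
# gets a CN such as "Horizon Service", so the guessed DN does not exist and
# the bind fails with invalid credentials (LDAP 49, AD data 52e).
function Get-BindDn {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName
    [pscustomobject]@{
        SamAccountName    = $u.SamAccountName
        Cn                = $u.Name               # RDN value, not always the logon name
        DistinguishedName = $u.DistinguishedName  # this is what goes into binddn()
    }
}

# Perform a simple bind with a DN and password, which is what the connector
# does with binddn(). AuthenticationTypes::None selects a simple bind, so run
# this against LDAPS (port 636) or a lab only; the password crosses the wire
# in clear text on plain 389. Touching .NativeObject forces the bind; AD
# rejects a wrong DN or password with "The user name or password is incorrect."
function Test-LdapBind {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$BaseDn,
        [Parameter(Mandatory)][string]$BindDn,
        [Parameter(Mandatory)][securestring]$Password
    )
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    $entry = [System.DirectoryServices.DirectoryEntry]::new(
        "LDAP://$Server/$BaseDn", $BindDn, $plain,
        [System.DirectoryServices.AuthenticationTypes]::None)
    try {
        $null = $entry.NativeObject   # forces the bind; throws on failure
        return $true
    } catch {
        Write-Warning "Bind as '$BindDn' failed: $($_.Exception.Message)"
        return $false
    } finally {
        $entry.Dispose()
    }
}

# Usage: look up the real DN first, then bind with exactly that string.
$info = Get-BindDn -SamAccountName 'horizon'
$info | Format-List
$pw = Read-Host -AsSecureString -Prompt "Password for $($info.SamAccountName)"
Test-LdapBind -Server 'dc01.atat.lab:636' -BaseDn 'dc=atat,dc=lab' `
              -BindDn $info.DistinguishedName -Password $pw
```

For the thread's case, the lookup for "horizon" would return a DistinguishedName whose CN is the display name rather than "horizon", which is why every hand-built "cn=horizon,..." DN failed while "cn=administrator,cn=users,..." (an account whose CN really is its logon name) succeeded. A second check worth running is that the resolved DN is unique in the forest: two users with the same First/Last name in different OUs get identical CNs, and the connector-side duplicate-user problem mentioned earlier in the thread is easier to hit than it looks.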