VMware Cloud Community
mobcdi
Enthusiast

vSphere 5.1 SSO identity source service account permissions

From reading http://kb.vmware.com/kb/2037546 it looks like I need to have a service account with specific AD permissions for my AD to be used as an identity source for SSO, but can anyone tell me the absolute (minimum) permissions it needs, as the article just says "the service account must have sufficient permissions to read the properties and attributes of any user which you intend to have login capabilities in vSphere".

jfrappier
Enthusiast

I believe you only need read only.

User name: The ID of an Active Directory user with a minimum of read-only access to BaseDN for users and groups.

Password: The password of the Active Directory user with a minimum of read-only access to BaseDN for users and groups.

http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-A2A90265...

mobcdi
Enthusiast

Would the population size of the Base DN make any difference to the SSO? I have a few AD accounts but none are working for me.

jfrappier
Enthusiast

I seem to recall a KB about that, but can't find it now. I would imagine, if even just from a security perspective, it's best to limit the base DN to an OU/CN with a limited number of users who should have access versus an entire domain.

mobcdi
Enthusiast

I modified the Base User DN & Base Group DN to only search a subset of the domain and was able to use a standard AD user account to configure the AD identity source, so I'm not sure if it was down to the population, but it did remove a large number of possible users from which SSO had to search.

Do you know if it matters whether the Base DN has to exclusively contain only User objects?

jwhites
Enthusiast

It needs permission similar to the Pre-Windows 2000 Compatible Access group, so the ability to read user attributes, and groups and nested groups. In some environments even a domain admin might not have the necessary perms to perform this operation, so it might not be a good way to test. Pre-Windows 2000 should at least get you working.

I would try looking up some LDAP permissions... if I remember, I think when I was setting up a Citrix NetScaler there was an article on the permissions needed for nested group extraction that showed you the exact permissions to set in AD that should be applicable here as well.

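A way to confirm what the replies above describe (read-only access to the Base User DN and Base Group DN, including nested groups) before handing the account to SSO, as an added example that is not from this thread or from VMware: bind to AD as the service account itself and read one user plus its transitive group membership. Server name, DNs, account and test user are placeholders.

```powershell
# Added example: verify that an SSO identity-source service account can bind to AD
# and read users and (nested) groups under the configured Base DNs.
# All values below are placeholders for your own environment.
param(
    [string]$LdapServer  = 'dc01.example.local',
    [string]$BaseUserDN  = 'OU=vSphere Users,DC=example,DC=local',
    [string]$BaseGroupDN = 'OU=vSphere Groups,DC=example,DC=local',
    [string]$ServiceUser = 'EXAMPLE\svc-vsphere-sso',
    [string]$TestUserSam = 'jdoe'   # a user who must be able to log in to vSphere
)

$cred = Get-Credential -UserName $ServiceUser -Message 'Service account password'
$pwd  = $cred.GetNetworkCredential().Password

# Bind as the service account (not as yourself, so its ACLs are what gets tested) and search the subtree.
function Search-AsServiceAccount {
    param([string]$Dn, [string]$Filter, [string[]]$Attributes)
    $root = New-Object System.DirectoryServices.DirectoryEntry(
        "LDAP://$LdapServer/$Dn", $ServiceUser, $pwd,
        [System.DirectoryServices.AuthenticationTypes]::Secure)
    $s = New-Object System.DirectoryServices.DirectorySearcher($root, $Filter, $Attributes)
    $s.SearchScope = 'Subtree'
    $s.PageSize    = 500
    return $s.FindAll()
}

# Escape a DN for safe use inside an LDAP filter (RFC 4515); backslash must be handled first.
function ConvertTo-LdapFilterValue([string]$v) {
    return (($v -replace '\\', '\5c') -replace '\(', '\28') -replace '\)', '\29' -replace '\*', '\2a'
}

# 1) Read the user: SSO needs these attributes, so each must come back non-empty.
$wanted = 'distinguishedName', 'sAMAccountName', 'userPrincipalName', 'objectSid', 'memberOf'
$users  = Search-AsServiceAccount -Dn $BaseUserDN `
            -Filter "(&(objectCategory=person)(sAMAccountName=$TestUserSam))" -Attributes $wanted
if ($users.Count -ne 1) { throw "User $TestUserSam not readable under $BaseUserDN (found $($users.Count))" }
$user = $users[0]
foreach ($a in $wanted) {
    if (-not $user.Properties[$a.ToLower()].Count) { Write-Warning "Attribute '$a' not readable; check the read ACLs granted to $ServiceUser" }
}
$userDn = ConvertTo-LdapFilterValue $user.Properties['distinguishedname'][0]

# 2) Resolve nested membership with LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941).
#    An empty result for a user you know is in a group means the account cannot read the
#    'member' attribute of groups under the Base Group DN, which is what group-based vSphere permissions need.
$groups = Search-AsServiceAccount -Dn $BaseGroupDN `
            -Filter "(member:1.2.840.113556.1.4.1941:=$userDn)" -Attributes 'sAMAccountName'
"Service account can read user '$TestUserSam' and $($groups.Count) group(s), nested included:"
$groups | ForEach-Object { '  ' + $_.Properties['samaccountname'][0] }
```

Run it from a domain-joined Windows host; a bind failure or a warning about an unreadable attribute points at the specific ACL the account is missing, which is more precise than testing with a domain admin.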