If the Ubuntu box is active directory domain joined for user authentication, the domain users cannot authenticate without changes to the sssd.conf file.
sudo -i
cd /etc/sssd
nano sssd.conf
add 3 lines
case_sensitive = False
ad_gpo_access_control = enforcing
ad_gpo_map_remote_interactive = +xrdp-sesman
restart sssd
systemctl restart sssd
For domain user name use the full domain in this format.
user@nameof.domain
Jerry's blog 