User-search-base is the FQDN of the group where your (admin) users reside. I wouldn't create any extra group for this, if your priviledged account resides within OU=Admins, then it becomes OU=Admins,OU=Location,DC=Domain,DC=TLD.
User Group Name is then a security group (Global) where privileged users are added to. In your case it is let's say 'MyGroup' which has as a member your admin and other privileged accounts.
In addition to that, I have also configured the Alt-Server and Alt-Port and my MSA arrays are already using TLS/SSL certificates. Port 636 is a Secure LDAP port which might be needing the CA root certificate to be able to authenticate - although not sure of it.