Following up on that thread I created. What I have been doing is getting a system administrator with enough account permissions to remove his/her CAC requirement and use username and password to search for the user in question. A user with enough permissions or a service account with enough permissions is used to query for whichever group or individual I am trying to add. It sucks though due to turnover and the fact that another team has to essentially use my authenticated session to use an account or I have to create an account for them to use with the bare minimum permissions. Then a few Tier I sysadmins try and can't get it to work. Eventually it gets enough traction where the right individual with enough permissions does the query for me.
Bottom line, the error message is misleading: "No domain specified. Please enter search string in the format: Domain\Groupname"
A more helpful error message would be: Unable to query.
Well, not exactly helpful, but less misleading.