Andy,
Did you change the format of the UPN?
Please note that it needs to be in RFC 822 format. When you get an LDAP 53 error, usually you're using an invalid value.
53 | LDAP_UNWILLING_TO_PERFORM | Indicates that the LDAP server cannot process the request because of server-defined restrictions. This error is returned for the following reasons:
- The add entry request violates the server's structure rules, or
- The modify attribute request specifies attributes that users cannot modify, or
- Password restrictions prevent the action, or
- Connection restrictions prevent the action.
However, it's also possible that it's an account restriction; you should see if something has been changed in the Service Account.
User-Principal-Name attribute (Windows)
Internet E-mail address format (RFC 822) explained
Regards,
Matt