Support Forum
gpojer
New Contributor

Join AD with Fortigate 40-F, DNS Problems

Hello Community,

I am an absolute newbie to FortiGate. My network configuration is as follows:

The domain controller is located at the NAS1 192.168.17.201, the domain is local.XXXX.it.

My DNS settings are as follows:

However, when I ping my domain controller with execute ping local.XXXX.it I get a response from the IP of the host of my website www.XXXX.it (courtesy page). What is wrong here?

In fact, I cannot register to the LDAP Server:

Can anyone help?

Thanks in advance.
14 REPLIES
gpojer
New Contributor

I have created a separate group for domain users. Unfortunately, it still doesn't work.
marchand
New Contributor III

If you are using IPsec, make sure that in the settings of the VPN tunnel under XAUTH you have selected the newly created group for domain users, or if you are using SSL VPN then check your firewall policy for SSL VPN.

On the client side, use the username for login, not username@domain.xx.

gpojer

I am using IPsec. All the issues you have mentioned have been verified. Unfortunately, it still doesn't work.

What I have to mention is that the PC from which I want to connect via VPN is not registered in the domain. Could this be the problem?

marchand
New Contributor III

You do not need to register that PC to AD. In the LDAP settings on the FortiGate you have 2 debug tools, Test Connectivity and Test User Credentials. First you must use these tools to be sure that everything is set correctly in the FortiGate.

Also post your actual config.

(ad-ldap-new) # show
config user ldap
    edit "ad-ldap-new"
        set server "192.168.0.15"
        set cnid "sAMAccountName"
        set dn "dc=mydomain,dc=local"
        set type regular
        set username "myusername@mydomain.local"
        set password ENC mypassword
    next
end

 

 # show
config vpn ipsec phase1-interface
    edit "roadw"
        set type dynamic
        set interface "port6"
        set mode aggressive
        set peertype any
        set net-device disable
        set mode-cfg enable
        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
        set comments "VPN: roadw"
        set wizard-type dialup-forticlient
        set xauthtype auto
        set authusrgrp "vpn-ldap-new"
        set ipv4-start-ip 172.16.16.100
        set ipv4-end-ip 172.16.16.200
        set dns-mode auto
        set ipv4-split-include "RoadW-sediu_split"
        set save-password enable
        set psksecret mysecret
    next
end

marchand
New Contributor III

gpojer wrote:

So the vpnusers group has now a local user and a domain user.

I think you need to create a separate VPN group for domain users.
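
The two checks marchand asks for (the tunnel's XAUTH group is the new domain-user group, and that group is not mixed with local users) can be read straight off a CLI dump. The script below is an added example, not code from this thread or from Fortinet; it parses the `config user ldap`, `config user group` and `config vpn ipsec phase1-interface` stanzas and follows `authusrgrp` to the group and its LDAP member. The `config user group` stanza in the sample is constructed, since the thread never shows one.

```python
# Added example (not the thread's or Fortinet's): check phase1.authusrgrp -> user group -> LDAP member.
def parse_fortios(text):
    """Map (section, edit-name) -> {key: value} from a FortiGate CLI dump."""
    objects, section, name = {}, None, None
    for raw in text.splitlines():
        s = raw.strip()
        if s.startswith("config "):
            section = s[7:]
        elif s.startswith("edit "):
            name = s[5:].strip('"')
            objects[(section, name)] = {}
        elif s.startswith("set ") and name is not None:
            key, _, value = s[4:].partition(" ")
            objects[(section, name)][key] = value.replace('"', "")
        elif s == "next":
            name = None
    return objects

def check_xauth_chain(objects, tunnel):
    """Return findings; an empty list means the XAUTH group chain is consistent."""
    p1 = objects.get(("vpn ipsec phase1-interface", tunnel), {})
    grp = p1.get("authusrgrp")
    if not grp:
        return [f"tunnel '{tunnel}': no authusrgrp, so no XAUTH group is selected"]
    group = objects.get(("user group", grp))
    if group is None:
        return [f"authusrgrp '{grp}' has no 'config user group' entry"]
    members = group.get("member", "").split()
    ldap = [m for m in members if ("user ldap", m) in objects]
    findings = [] if ldap else [f"group '{grp}' has no LDAP server member"]
    for m in members:  # a mixed local+LDAP group is what the thread advises against
        if ("user local", m) in objects:
            findings.append(f"group '{grp}' mixes local user '{m}' with LDAP users")
    return findings

# Constructed sample (only the keys the lint reads); the "config user group" stanza is invented.
SAMPLE = """config user ldap
    edit "ad-ldap-new"
        set username "myusername@mydomain.local"
    next
end
config user group
    edit "vpn-ldap-new"
        set member "ad-ldap-new"
    next
end
config vpn ipsec phase1-interface
    edit "roadw"
        set authusrgrp "vpn-ldap-new"
    next
end"""
```

Run it on the output of `show` for the three sections and add a `config user local` stanza if you have local VPN users, so the mixed-group finding can fire.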
