Hi Robert,
the warning for the User_Login should be ignored in you use case.
Only when you login using a username and password via a login form or service, you should go through the User_Login. This newer action takes care of brute force logins and blocks accounts/ip's after a couple of unsuccessful login attempts.
In your case you login using the AD account and you don't allow users to login manually, which means brute force is not possible in your app.
Hopefully this clears up any doubts you have.
Kind regards,
Remco Dekkinga