To verify this assumption do the following:
1. Download and launch AD Explorer under application pool account (may be done even on client machine but in the same domain).
2. In AD Explorer connect to necessary domain under application pool account.
3. Right click on the domain name -> Search container
4. In Search Container dialog add attributes:
see scrrenshot for how added attributes should look like in the "Current Search Criteria" area:
5. Click Search
If the search was successful then application pool account has permissions to search users in domain.