"saMAccountName" is perfectly legit and we've never had an issue reported where it couldn't been used. The only caveat is that you can't use it in multi-domain AD environment as it's only guaranteed to be unique within a domain, and key attribute you choose for CR must be unique globally. For such cases upn or email attributes are better choice.
The only case when you can lose locally created accounts (what includes the default admin account, but also user entries auto-enrolled by authentication scripts, and the ones you created manually on "Manage people" page) is if you unset "Keep external persons" property on CR's main page. It is set by default.
By changing properties on "Manage authentication" page, you usually configure Gluu to use your AD LDAP server for auth, that's why you can't use local admin anymore. Also, before you fully switch to using it, you first need to go to "Manage groups" page and make sure you add some users imported from AD to "Gluu Manager Group"