Apply the attached .patch file and set the proper config.php entries and it will work properly with AD. I fixed this months ago, and so far this file hasn't been touched so it should be safe.

$config['auth_ldap_binddn'] = "CN=blah,OU=Service Accounts,DC=arbor,DC=net";
$config['auth_ldap_bindpw'] = "PASSWORD";


$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "cn";
$config['auth_ldap_objectclass'] = "person";

$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "ldap.domain.com";
$config['auth_ldap_port']   = 389;
$config['auth_ldap_starttls'] = FALSE;

$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=All Users,DC=arbor,DC=net";
$config['auth_ldap_group']  = array("CN=NMS-Users,OU=Security Groups,DC=arbor,DC=net");
$config['auth_ldap_groupbase'] = "OU=Security Groups,DC=arbor,DC=net";

$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";

unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['NMS-Admins']['level'] = 10;
$config['auth_ldap_groups']['NMS-GlobalReadOnly']['level'] = 7;
$config['auth_ldap_groups']['NMS-Users']['level'] = 1;