In fact, you have three possibilities:

• Domain Controller (Windows Server 2000)
• Domain Controller Authentication (Windows Server 2003)
• Kerberos Authentication (Windows Server 2008 and above)

This explanation comes from Russell Tomkins a Microsoft Premier Field Engineer in a very good post which you can find here:

Creating Custom Secure LDAP Certificates for Domain Controllers with Auto Renewal