In fact, you have three possibilities:
- Domain Controller (Windows Server 2000)
- Domain Controller Authentication (Windows Server 2003)
- Kerberos Authentication (Windows Server 2008 and above)
This explanation comes from Russell Tomkins a Microsoft Premier Field Engineer in a very good post which you can find here:
Creating Custom Secure LDAP Certificates for Domain Controllers with Auto Renewal
itluke.online 