Trent,
You have hit upon your problem. AD will not return password information. You must attempt to bind as the user in question in order to authenticate. Malte added this support to nsldap and the LDAP driver. We subsequently modified that support on oacs-5-2 so that it is configurable via the authority admin pages. However, if you are not running from an oacs-5-2 checkout you will have to go in and edit auth-ldap-procs.tcl by hand to enable it. I posted some documentation (now out of sync with oacs-5-2 code) which Malte or Carl may have passed along already that should help you. It's located here: https://openacs.org/storage/view/miscellaneous/OpenACS_LDAP_Integration.doc. In particular, check out the section titled "Enabling bind support and FDN lookup".
Keep in mind that you also need to be running the version of nsldap with bind support. Since the modified module isn't yet in aolserver's CVS repository, it's currently available only from a few people in the community. If you don't have that code, let us know and we'll get it to you.