Its mostly broken, but the is a workaround. For starters, see bug 26538.
Basically, when using Windows 2003, some queries can be returned as references, which the current (as of 2.2.3) LDAP modules dont handle. The work around is to modify the
AuthLDAPURL to connect to the Global Catalouge on port 3268 (instead of LDAP 389) as the GC doesn’t return references.