Some months are gone ... but still true what silvio said: connect your upam with your AD and make use of it inside an authentication-policy.
While theory and configuration is pretty straight forward, keep a keen eye on your preparations BEFORE you try to connect to an AD-server.
To authenticate against AD you need the proper LDAP-DN's and clean DNS-setup.
First thing: make shure your OV-machine and your AD-Server can resolve their hostnames each other back and forth.
[browsing is done via LDAP but authentication is realized via kerberos ! ... to build a trusted kerberos-link you need proper dns-resolution]
means: both machines can ask the dns-server [in lot of the cases this might be the AD-Server itself] for the name of the [AD/OV] and will receive the IP-addresse AND can ask for the IP and than will receive the FQDN of the [AD/OV] !
To grab the proper LDAP-phrases use a tool like GetMyDN.exe ... most of the time building an LDAP-link is wasted by debugging syntax-errors in LDAP-DN's
Rest is a piece of cake:
then you can click on the "Test Connection"
and when you see the green light ... you're good to go : )