Is there any way I can sync users / passwords between a Sendmail server and an Active Directory server?

listed in answer


ANSWER:

AD provides an LDAP directory service, so (my first guess) would be looking at some system to make sendmail/dovecot/imap authenticate against the LDAP user/passwords.

Tools like pam_ldap, nss_ldap, openldap-client and SASL could be used for this purpose. I've not actually implemented this one myself, but there are some links which might be a starting point:

http://www.ltrr.arizona.edu/~mmunro/ldapmail/index.html
http://logout.sh/computers/sendmail/

In this scenario you would maintain a central list of users and passwords in Active Directory, and authenticate the user's SMTP request against the LDAP centrally. I am presuming that you also have Dovecot or Cyrus, or some other IMAP/POP3 server to manage access to the mailboxes? Basically, you have a PAM module generate a user directory and mailbox on the sendmail/IMAP host when the user first logs in and is successfully authenticated against the LDAP/AD server. In this way the user “pulls” their data, rather than explicitly syncing the accounts to both systems.

You can protect the traffic between SMTP/IMAP and LDAP/AD using a self-signed cert if you have to do this on untrusted networks.

by Tom H from http://serverfault.com/questions/387360
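
The setup described in the answer, sketched as a saslauthd LDAP configuration with certificate checking enabled. This is an added example, not part of the original answer and not tested against any particular AD deployment. Host names, DNs, the service account and the certificate path are placeholders, and the file location is an assumption that varies by distribution.

```conf
# /etc/saslauthd.conf -- read by saslauthd when it is started with "-a ldap".
# sendmail's SASL configuration then points at it with:
#   pwcheck_method: saslauthd
# This file holds a bind password: keep it root-owned and not world-readable.
# All host names, DNs and paths below are placeholders.

ldap_servers: ldap://dc1.example.com/
ldap_version: 3

# Dedicated low-privilege AD account, used only to look up the user's DN.
ldap_bind_dn: CN=svc-mailauth,OU=Service Accounts,DC=example,DC=com
ldap_password: CHANGE_ME

ldap_search_base: OU=Users,DC=example,DC=com
ldap_scope: sub
# AD keeps the login name in sAMAccountName; %u is the name the client sent.
ldap_filter: (sAMAccountName=%u)

# Check the password by binding to AD as the user, so no password data is
# copied to or stored on the mail host.
ldap_auth_method: bind

# Encrypt the LDAP connection AND verify the server certificate.
# With a self-signed certificate, export it from the domain controller and
# point ldap_tls_cacert_file at that copy. Leaving ldap_tls_check_peer at
# "no" still encrypts, but accepts any certificate, so a host in the network
# path could impersonate the directory and capture passwords.
ldap_start_tls: yes
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/pki/tls/certs/ad-ldap.pem
```

The first-login home directory and mailbox creation mentioned in the answer is commonly handled by a PAM session module such as pam_mkhomedir on the mail host.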