Active Directory doesn't accept anonymous requests anymore.
With Windows Server 2003, only authenticated users may initiate an LDAP request against Windows Server 2003-based domain controllers. You can override this new default behavior by changing the seventh character of the dsHeuristics attribute on the DN path as follows: 
CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,Root domain in forest
from: http://support.microsoft.com/kb/326690