If you can get the server into the AD domain the users login to with their PCs, follow the advice here:
http://docs.moodle.org/25/en/NTLM_authentication
We have moved to AD for desktops during the course of this year, so later in the year we will look at moving our moodle server into AD so when users have signed in to a college PC they can just click the moodle icon and it will pickup their windows login session.
Currently we use LDAP from the old (eDirectory, ugh) system to authenticate users, but when we move moodle to AD we'll have it authneticate against AD (via LDAP) when there is no NTLM session found.