The school I work at, where I'm the Moodle administrator, has Moodle with LDAP authentication. Although we aren't using IIS for the internal version of the Moodle, externally we use IIS because only IIS could cope with the certificate to allow HTTPS sign-on. I installed Apache instead internally, as I had also had previous problems with IIS referencing material and couldn't get a rewrite rule to work.
However, that said, our LDAP authentication uses a specific moodleadmin administrator-level AD account to bind to LDAP, so our bind distinguished name is cn=moodleadmin, ou=<the ou that moodleadmin is in>,ou=<the service accounts ou>,ou=<the school's ou>,dc=<1st part of school domain>,dc=school <the 2nd part of the domain>. It seems to work OK because I haven't had any complaints about people not being able to log in. However, I personally then use a manually created Moodle admin account to administrate the Moodle installation, so that if LDAP goes down for whatever reason I can still log in successfully.
Our dereference aliases is also set to no, with the user attribute set to samaccountname. We don't use SSO though, because I found that triggered a login loop problem where it kept trying SSO, failing and then retrying.
Hope this has been of some help.