I am in process of migrating from samba3 NT4 domain into LDAP, so no production experience so far, but samba with BIND9_DLZ seems to be working. "from samba3 NT4 LDAP domain to AD", of course, sorry