You have two options:
1. Setup an AD server as an LDAP server and authenticate users directly to that via captive portal by putting the LDAP server on the controller into the server group in the Captive Portal authentication profile.
2. Setup an AD server as a radius (NPS or IAS) server and authenticating users by putting the radius server on the controller into the server group in the Captive Portal authentication profile.