Have you considered using Network Policy Server?
You can install this role on your 2008R2 server and it will act as a RADIUS server, using AD for authentication.
In my opinion, this is usually a better and more secure option than messing with LDAP :)