- Find a copy of ldp.exe for your version of Windows; Google will find one for you. This lets you look at Active Directory from an LDAP perspective.
- Now you just have to figure out what to put in the Realm fragment:

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           debug="99"
           connectionURL="ldap://my.domain.controller:389"
           userBase="OU=myOU,DC=my,DC=dotted,DC=domain"
           userSearch="(sAMAccountName={0})"
           connectionName="CN=SomeGuestAccount,OU=myOU,DC=my,DC=dotted,DC=domain"
           connectionPassword="guestAccountPassword"
           userSubtree="true"
           userRoleName="member"
           roleBase="OU=myOtherOrSameOU,dc=my,dc=dotted,dc=domain"
           roleName="cn"
           roleSearch="(member={0})"
           roleSubtree="true"/>

sAMAccountName is the entry for the (old) NT username. I found this the most reliable entry to use, but you may find another entry more obvious - use ldp.exe to figure it out - there are different ways to set up AD.
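
To check the fragment against what ldp.exe shows, it helps to see the exact searches it implies for one login. The following is an added example, not part of the original page and not Tomcat's code; it assumes Tomcat's documented substitution ({0} in userSearch is the login name, {0} in roleSearch is the user's DN), and the account name and DN in it are constructed.

```python
import xml.etree.ElementTree as ET

# Realm fragment from the page (host, DNs and OUs are the page's placeholders).
REALM_XML = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldap://my.domain.controller:389"
  userBase="OU=myOU,DC=my,DC=dotted,DC=domain"
  userSearch="(sAMAccountName={0})" userSubtree="true"
  roleBase="OU=myOtherOrSameOU,dc=my,dc=dotted,dc=domain"
  roleName="cn" roleSearch="(member={0})" roleSubtree="true"/>'''

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_searches(realm_xml: str, username: str, user_dn: str) -> dict:
    """Return the (base, scope, filter) searches the realm implies for one login."""
    realm = ET.fromstring(realm_xml).attrib

    def scope(flag: str) -> str:
        return "subtree" if realm.get(flag, "false") == "true" else "onelevel"

    url = realm["connectionURL"]
    return {
        # Step 1: locate the user entry by login name.
        "user": (realm["userBase"], scope("userSubtree"),
                 realm["userSearch"].replace("{0}", escape_filter_value(username))),
        # Step 2: find groups whose member attribute holds the user's DN;
        # the roleName attribute (cn) of each hit becomes a role.
        "role": (realm["roleBase"], scope("roleSubtree"),
                 realm["roleSearch"].replace("{0}", escape_filter_value(user_dn))),
        # A simple bind over ldap:// sends connectionPassword and user passwords
        # unencrypted unless StartTLS is enabled on the realm.
        "cleartext_bind": url.startswith("ldap://")
                          and realm.get("useStartTls") != "true",
    }


if __name__ == "__main__":
    # Constructed login name and DN, for illustration only.
    dn = "CN=John Doe,OU=myOU,DC=my,DC=dotted,DC=domain"
    for name, value in build_searches(REALM_XML, "jdoe", dn).items():
        print(name, value)
```

The base and filter printed for each step can be pasted into ldp.exe's search dialog to confirm they return the expected user entry and groups.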