2. Change the application pool to run as that user
2a. This is accomplished in IIS Manager
2b. Click on the site that was created for mediawiki (in my case it was MediaWiki)
2c. Open the Authentication subsection
Right-click on Anonymous Authentication, click Edit.
2d. Change the specific user to the DOMAIN\\webagent
2e. Restart the IIS services by right-clicking on the server and selecting STOP, then repeating and selecting START.
3. add the following lines to LocalSettings.php
## LDAP Authentication extension start##
require_once (“$IP/extensions/LdapAuthentication/LdapAuthentication.php”);
$wgAuth = new LdapAuthenticationPlugin();

#Set the domain short name.
$wgLDAPDomainNames = array( ‘MYDOMAIN’ );

#Set names or IP addresses of AD servers.
$wgLDAPServerNames = array( ‘MYDOMAIN’ => ‘Adserver1.MYDOMAIN.com Adserver2.MYDOMAIN.com Adserver3.MYDOMAIN.com’ );

#Tell the plugin how to authenticate.
#note: USER-NAME is a special string and should not be changed.
$wgLDAPSearchStrings = array( “MYDOMAIN” => “USER-NAME@MYDOMAIN” );

#Set the encryption type
$wgLDAPEncryptionType = array( ‘MYDOMAIN’ => ‘sasl’);
$wgLDAPGroupUseFullDN = array( “MYDOMAIN”=>true );
$wgLDAPGroupObjectclass = array( “MYDOMAIN”=>”group” );
$wgLDAPGroupAttribute = array( “MYDOMAIN”=>”member” );
$wgLDAPGroupSearchNestedGroups = array( “MYDOMAIN”=>true );
$wgLDAPGroupNameAttribute = array( “MYDOMAIN”=>”cn” );
$wgLDAPBaseDNs = array( “MYDOMAIN”=>”dc=MYDOMAIN,dc=COM” );
$wgLDAPSearchAttributes = array( ‘MYDOMAIN’ => ‘sAMAccountName’);
$wgMinimalPasswordLength = 1;
$wgLDAPProxyAgent = array( ‘MYDOMAIN’ => ‘CN=Web Agent,OU=MYORGANIZATIONALUNIT,OU=MYOTHEROU,DC=MYDOMAIN,DC=COM’);
$wgLDAPProxyAgentPassword = array( ‘MYDOMAIN’ => ‘MYAAGENTPASSWORD’);
## LDAP Authentication extension end##

Special notes: I specified SASL for the encryption intentionally, as my reading suggests that self-signed certificates, in certain situations can be a hazard. Also the reliance on a 3rd party provider is not my preference.
While the documentation does not state that SASL is supported, it appears to work perfectly. In my tests, the logins/passwords are NOT being sent in cleartext, but rather leveraging unterlying Kerberos technology to handle the cipher work. To test this I used a Windows 7 PC with Wireshark v1.8.6 on managed switch where I mirrored the port to which the AD server was connected.

References:
http://support.microsoft.com/kb/321051
http://msdn.microsoft.com/en-us/library/cc223498.aspx
http://msdn.microsoft.com/en-us/library/cc223498.aspx
http://kb.iu.edu/data/acjj.html

There’s quite a few issues with it. It doesn’t convert completely properly and it doesn’t handle uploads, since it doesn’t log into MediaWiki correctly anymore. Assuming you have a good cleanup army and the Replace Text extension (http://www.mediawiki.org/wiki/Extension:Replace_Text) it’s not so bad.

How did you handle the document migration? Did you use one of these: https://www.mediawiki.org/wiki/MoinMoin

I think generally you get poor results from adding extensions one at a time as you think you need them. In a “distro” approach, you install a well known integrated package that includes many things you may not use, but which are known to work well with each other and to have been installed in a particular robust *ORDER* – which is key.

http://www.mediawiki.org/wiki/Semantic_Bundle lists the extensions, some of which are recommended in the above.

Semantic Mediawiki Plus / Halo puts a very usable front end on the maintenance of property data and makes it very easy to use sophisticated semantic web tools such as reasoners. The ontoprise tool suite was available on both Sharepoint and on SMW platforms, making it easy to move data between them, but that company is gone and the successors are not clear on this support ability.

There is talk about SMW+ / Halo becoming part of, or an extension of, Semantic Bundle, once the next release of Bundle in early 2013. Diqa runs it meanwhile.

Distros specific to intranets are probably coming soon, too, especially if the US govt can be convinced to release some if its work for its various internal wikis.