We are excited to announce that we have launched our new Hive Community! HiveNation will remain as an archive, but all new posts, discussions, and articles will be created on Hive Community. You can visit our new community at thehivecommunity.aerohive.com
Authenticating against AD means RADIUS, which in turn means certs. PPSK is the only option without cert but no AD authentication. You could manually manage PPSK to reflect what is in AD but I doubt the efficiency and accuracy of such an approach. I have been looking at pros and cons of both and in the end decided that RADIUS is easier to manage in our environment, and it has the accounting feature that matches users to IP in firewall.