If you need to authenticate your users against a LDAP (like Active Directory), you have not to store user's passwords at all. You need not to store them.

You need to use LDAP authentication for your appliation, when the user insert the login/password pair, you forward these info to Active Directory and if it confirms you know that the user is authenticated in that system.