dsconfigad did not support signing of LDAP packets in 10.4.x; support was introduced with the 10.5 version of the AD Plug-in. If your Active Directory environment uses LDAP signing, which is a standard policy on DCs, you can mirror the DC's setting in dsconfigad by using the -packetsigning option followed by one of the values allow, disable or require. To force LDAP signing, run the following command:
dsconfigad -packetsigning require
To disable signing if your environment doesn’t support it, use the following command:
dsconfigad -packetsigning disable
The default value is allow, which uses LDAP signing when possible.