I have started to use the System.DirectoryServices.AccountManagement.PrincipalContext class to communicate with an Active Directory. E.g., if I want to find information about a user, I use UserPrincipal.FindByIdentity(PrincipalContext context.....). Or, if I want to validate credentials, I use PrincipalContext.ValidateCredentials. I use this code in different solutions, e.g. a custom-built ADMemberShipProvider, but have got "complaints" from the technicians that there are LDAP calls without using Kerberos. I have tried different ContextOptions values but with no success. I found forum posts like this: http://www.netframeworkdev.com/net-base-class-library/systemdirectoryservicesaccountmanagementprincipalcontextvalidatecredentials-accepts-old-password-5027.shtml saying that the code beneath ends up in a LdapConnection with System.DirectoryServices.Protocols.AuthType.Negotiate.
By using Reflector I found that it ends up in this call to the System.DirectoryServices.AccountManagement.CredentialValidator class: