I can access my corp AD with SysInternals' "AdExplorer" with no problems. however, when I try to use generic LDAP browser (ldp.exe in my example) to access the same AD directory I can't get the required protocol/auth method. I think I have tried them all.
what protocol/settings does AdExplorer use by default?
I'm pretty sure it uses Kerberos/NTLM.
Make sure you're not only connecting to AD with LDP, but that you're also binding (ie- authenticating). It's a 2-step process with LDP.
Once you do that you should be able to perform other functions using LDP.
In LDP.EXE, after you do Connection->Connect, then do Connection->Bind, then if you have the "Domain" checkbox checked, leave the rest blank and it will authenticate with your current credentials.
When using an LDAP browser, you usually need to bind with your full DN, which is often not obvious from the MMC.
If you are on 2008, the ADUC MMC snapin has an option Advanced View, that can be enabled from a menu, and then when you look at an object, (not via a Find alas, only via a tree browse, which sucks!) there is a new tab called Attribute Editor.
There is an attribute Distinguished name that has the full DN you need to bind with.