AD users password authing off of OD – how?
I want my users, existing both in Open Directory and Active Directory (via a custom sync process), to log in to Windows machines that are part of the Active Directory domain with their username in AD (and OD), but have the password authentication be redirected to Password Server. This would give us the flexibility to have our users in AD groups, giving them group policy permissions and the like, but only having to use one password whether they were logging into a Mac or a PC. I know the opposite is possible (having common usernames but password authenticating off of AD); however, I have 20 times more site-based OS X servers acting as replicas than I have AD servers.
I've been told that this is possible by setting some attribute in AD on the user record to point to the password server. Does anyone know what attribute to use and what the syntax of that attribute is?