For 802.1x with IAS/AD the options are pretty limited.
You can only use PEAP or EAP-TLS
Hence, you will need a server certificate (peap and tls) and client
certificate (tls only).
If you have a CA then it saves you the hassle of getting the certificates
from a third party.