The Active Directory Plugin cant be configured to use anynomymous auth to the ldap server using the jenkins.yaml through the infrasstructure as acode plugin.
If I configure it in the UI (which works only up to the next restart), the generated jenkins.yaml will look like something like this:
 
securityRealm:
    activeDirectory:
      bindPassword: "{AQAAABAAAAAQT1Y8TFig7L+fUeh1qa=}"
      customDomain: true
      domains:
      - bindPassword: "{AQAAABAAAAAQcFI66yMD9kUdg6nmR=}"
        name: "ham.example.de"
        servers: "server1.ham.example.de"
        site: "ham.example.de"
        tlsConfiguration: TRUST_ALL_CERTIFICATES
      groupLookupStrategy: TOKENGROUPS
      removeIrrelevantGroups: false
      requireTLS: true
      startTls: true
  
Note I didnt enter any username/Password in the UI. 
Once I remove these bindPassword lines and do a redeploy the configuration will be omitted and Jenkins will fallback to the internal user database.
This looks like a bug.