No matter what the client, whether it be a PowerShell script or the native ActiveRoles Server MMC Console, authentication credentials will always be passed in an encrypted form.
All RPC/DCOM traffic between the ActiveRoles Server to and from the MMC Console, Web Interface, and/or ADSI Provider is encrypted.
When the Administration Service resets a password on an Active Directory object, that password is always encrypted.
Encryption of non-password data depends on system configuration (such as Group Policy settings) on the machine hosting the ActiveRoles Server service. To force encryption for all LDAP traffic, it is possible to configure Administration Service to use LDAP SSL for managed domains.
Microsoft offers several resources, such as: LDAP over SSL (LDAPS) Certificate
For more information, please contact Microsoft.