Best way to configure AD authentication...

quiksilv
Champ in-the-making
We are thinking about deploying 3.0 (EE or Community) on Linux in our Active Directory domain. What is the best authentication configuration to use with AD if we want our Windows domain users to access CIFS shares and use the same username/password to log in to the UI, and potentially also have separate AD groups with different permissions? It would be nice if we don't have to configure Firefox on each client as well, so it all just works without any client configuration.

Thanks
2 REPLIES

ofrxnz
Champ in-the-making
Active Directory supports the use of either NTLM or LDAP (available in Alfresco Community and Enterprise).

Both options will allow you to use Windows Domain Accounts to log into Alfresco.

Using LDAP, you will be taken to the same standard Alfresco login page, where you can enter your AD credentials and you are in.

The advantage of NTLM is the ability to use Single Sign On. This will automatically log you into Alfresco when your desktop is logged into the domain. So you log into Windows, and Windows will forward your credentials to Alfresco when you navigate to it. If you are not logged into the domain, Alfresco will prompt you for your AD credentials. This method will work out of the box in Internet Explorer. However, there is one configuration that needs to be made to Firefox to essentially loosen the security.

You can use Active Directory to fully manage Users and Groups in Alfresco.

Groups are imported/updated with the Alfresco LDAP synchronization mechanism. The LDAP synchronization process also updates user metadata such as email and phone number.

To use AD with Alfresco you only need either LDAP or NTLM or both. Synchronization is always optional.

Alfresco Enterprise will support Kerberos, but I have never used it.

I have been having issues with LDAP in Alfresco Labs 3.0 B and C. Essentially it doesn't let you use the AD username but the first and last name of the user as the Alfresco username. Basically the issue comes down to AD not following standards, and someone removing (or changing) the tweak in Alfresco that allowed it to work. If you want more details, let me know. In Alfresco 3.0A LDAP works fine but has another issue.

If you need any configuration pointers, let me know. It can be a bit annoying at times to find the one tweak to have Alfresco play very nice with AD.

quiksilv
Champ in-the-making
Thanks so much for such a detailed explanation, very helpful! I will be sure to post again when I run into auth. troubles :)