We use active directory for authentication only, not authorization. What this means is you will create users exactly like you do now but you can leave the password field blank (or put anything in it, it is ignored). The username in NexOSS must exactly match the username in active directory. When a user attempts to login, NexOSS will first check if the user exists in the local user file. If yes, NexOSS will then use the supplied username and password and attempt to authenticate with the active directory server. If successful, the user will now be authenticated. Setting up active directory integration disables the excessive login attempt lock on NexOSS.