I followed the directions from Sharon in the ticket linked by Brady and it seems to be working for us. The key is you need to create a user first that exists in your active directory and give the user administrator permissions (if you don’t have a user named ‘admin’ in active directory already). So all users need to be created in OpenEMR first, and then password authentication is done against AD.
This is very helpful, however, we would like to make use of active directory groups as well, and possibly auto-create users if they are in a certain AD group to reduce management time. Is anyone working on anything like this yet, or would anyone be opposed to extending this functionality?