We see interest in AD increasingly driven by customer concern re security. The most recent request was for app administrators to require new passwords every 21 days with specified password length and character types, and not to be allowed to reuse the previous 14(?) passwords.

Which is possible via code, but these needs tend to change and once you do it the first time, you're on the hook for each iteration.

Link it to AD and the customer can manage such things themselves as they please, or call on MS rather than us if they decide the features aren't adequate. ;-)

So, we now offer 3 login modes:

1) Legacy mode- our own username/password hashing technique dating back to the 1990s.
2) AutoAD - which tries to log the user in as the current AD user. As long as they have app privs, no separate login needed and the app runs. Most useful where users have static workstations and always log into AD as themselves.
3) ADLogin- Login dialog with username and password checked against AD. Doesn't need to match the current AD user. Useful where there are shared/always on machines and potential for security breach if people have to log into the PC as themselves to access the app.

It's easier than it looks- E.g. Sys(0) contains the current AD user and there are multiple techniques to check usernames and password against AD.