I am managing a VMware v6x environment that is currently AD integrated. I have a question concerning how to manage roles in an AD integrated environment. Do I mange the users' roles from within AD using GPOs or do I manage the User Roles from within the Web Client? I need to determine the most expedient and secure method to manage User account roles within a VMware configuration that is AD integrated. I have a current AD group for example, AD_vSphere populated with all of the VMware users as members. Once again, should I control the Roles settings from within AD or the Web Client console?