Active Directory Authentication in User Manager operational questions

Those User/Group Configuration options are very important.
AD integration is a major thing for me in a business environment. I always look for tools that integrate against it; it makes my life easier. And now with Samba 4 I can get a basic 2008R2 AD (which does everything I need) running on Linux without the Microsoft expense.

From working with other AD integration tools, I’d say consider how ejabberd integrates with LDAP/AD for an idea of both what to do and not to do. The “official” module(s) are really good but fall just short of being completely flexible for all AD setups. They have created multiple modules for each part of LDAP/AD integration. One handles LDAP authentication. Another handles shared rosters (what and how users/groups show up in your XMPP client). And another handles vcard data (mapping AD attributes to vcard fields). The only real issue I have with what they offer is the mod_shared_roster_ldap module, which lacks the necessary filtering. Someone modified it (wish they would merge or adopt the changes) and offered a TON of flexibility (see HERE).

I think you could go down a similar path. The authentication part is pretty much there. From that you would expand by offering something like the “shared_roster” plugin which defines which users/groups to pull and lets people really structure the LDAP query to only get what they want. And finally something like vcard, which defines a mapping of LDAP/AD attributes to FreePBX attributes.

I just upgraded to 13 on a new deployment that I have to get set up by the end of the month, and this was one of the main reasons I took the jump instead of waiting and dealing with the transition after the fact. I wish I had more time to discuss this feature because I think it is a major plus to FreePBX and I would certainly pay for a well fleshed out LDAP/AD implementation (especially with GUI setup).