I am using Active Directory authentication (NTDomainLoginModule with ntlm-config.properties) with a default domain, which is working fine. I also want to enable synchronization for users and groups; but all of the instructions that I can find for setting up synchronization seem to assume I am using LDAP authentication. I tried using LDAP authentication before, but struggled mightily and was never able to get it working. I would rather not have to go back to that to enable synchronization. Does the NTDomainLoginModule support synchronization, and are there instructions for how to enable it?