AJ,
Welcome to the forums.
I am not an AD shop, but it sounds like you're on the right path.
Have you seen the Fortigate Cookbook?
http://docs.fortinet.com/cookbook.html?
In general, you create a Fortigate User Group and then associate it with a Directory Service User Group. In FortiOS 4.2.13, you do this under the User tab. You can then create UTM policies based on the Fortigate User Group under the UTM tab. Then ultimately, you create an access policy under the Firewall tab that uses the UTM policies.
I believe AD has a guest user that gets a default policy if it doesn't match any of your existing user group policies. Typically, most shops have this default to a series of security updates.
Before anyone could give you more detailed instructions, you'd need to tell them what version of FortiOS you are running. There are basically 3 branches of FortiOS now: 4.2.x, 4.3.x, and 5.0.
Based on other forum posts, here's the consensus that I found:
4.2.13 is considered solid and very reliable.
4.3.9 is considered stable now for those that need the features included.
5.0 was just released broadly. I haven't heard of anyone running this on production boxes yet, but it's supposed to be pretty good for a FortiOS dot zero release.
Fortigate has done a decent job with their documentation. You'll want the PDFs on your desktop for fast reference as you get familiar with things.
Bill
==========
Fortigate 600C 5.0.12, 111C 5.0.2
Logstash 1.4.1