Chapter 3 Authentication for FortiOS 5.0 : Agent-based FSSO : Introduction to agent-based FSSO : FSSO for Windows AD : Collector agent AD Access mode - Standard versus Advanced
  
Collector agent AD Access mode - Standard versus Advanced
The Collector agent has two ways to access Active Directory user information. The main difference between Standard and Advanced mode is the naming convention used when referring to username information.
Standard mode uses regular Windows convention: Domain\Username. Advanced mode uses LDAP convention: CN=User, OU=Name, DC=Domain.
If there is no special requirement to use LDAP— best practices suggest you set up FSSO in Standard mode. This mode is easier to set up, and is usually easier to maintain and troubleshoot.
Standard and advanced modes have the same level of functionality with the following exceptions:
1. Users have to create Group filters on the Collector agent. This differs from Advanced mode where Group filters are configured from the FortiGate unit. Fortinet strongly encourages users to create filters from CA.
2. Advanced mode supports nested or inherited groups. This means that users may be a member of multiple monitored groups. Standard mode does not support nested groups so a user must be a direct member of the group being monitored.