Lucas,
Thanks. I was thinking that a solution revolving around 5 would work, just needs some imagination.
Forgetting everything else going on... we are working to deploy servers in a rapid manner (openstack) for customers. Logging into a portal, they would get a webtop where they can click on the servers they own, and connect.
Obviously this can change dynamically and thus some of my questions. Even if we publish a xml file twice a day that gets read in and deployed, I'd be happy. Of course, doing an AD lookup with associated server objects is better.
User logs in, ad lookup, has x,y,z objects associated, creates x,y,z on webtop...