LDAP a bit funny and a bit “different” than traditional data stores – so there’s definitely a learning curve involved.

The most challenging part would be to get a “grip” on the LDAP paths and how to build those up and use them. Also: permissions to connect to LDAP are always a bit issue. And if you want to start searching for objects in your LDAP store, then the rather tricky syntax of LDAP filters might also be a bit of a challenge to wrap your brain around 🙂

If you intend to talk to and use Active Directory on Windows, then you should definitely check out the SelfADSI site with lots of useful information.

You didn’t mention what language/programming environment you intend to use – if you’re on .NET 3.5 or newer (C#, VB.NET), you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

• Managing Directory Security Principals in the .NET Framework 3.5
• MSDN docs on System.DirectoryServices.AccountManagement

Basically, you can define a domain context and easily find users and/or groups in AD:

// set up domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if(user != null)
{
   // do something here....     
}

// find the group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

// if found....
if (group != null)
{
   // iterate over members
   foreach (Principal p in group.GetMembers())
   {
      Console.WriteLine("{0}: {1}", p.StructuralObjectClass, p.DisplayName);
      // do whatever you need to do to those members
   }
}

The new S.DS.AM namespace makes it really easy to play around with users and groups in AD in C#/VB.NET!