We have an RSA Authentication Manager server and a few hundred tokens. We are using this as a 2F back-end for Cisco Secure ACS and for Linux authentication (with the PAM module). If we wanted to use tokens with our Windows 2012 Active Directory servers, what additional components or products would we need? We want to be able to use AD accounts, but use the Token Code instead of the password. This would also not be required for all accounts, since we have a 2F PKI solution in place for system logins, but for applications that support AD/LDAP and not PKI, using the RSA SecuID Token seems like the best option to get these apps behind 2F.