A: Yes all users/staff must be created and then granted permissions to authenticate via LDAP/AD
When I manually create users, all I see in Authentication Sources are "Use any available backend" and "Local Client Authentication". I am assuming that LDAP AD Auth is not yet available for users, non-helpdesk staff.
I believe it's a core plugin but you have to enable it for use. I used the following guide: http://tmib.net/osticket-181-how-configure-ldap-authentication-and-lookup-plugin